This Privacy Notice provides details of the personal data we collect from you, what we do with it, how you might access it and who it might be shared with.
We will ensure that your personal information is treated with the utmost respect and in accordance with EU General Data Protection Regulation (GDPR) on the protection of individuals with regard to processing of personal data and on the free movement of such data.
Our Contact Information (Data Controller)
Double First Ltd
Units 3&4 Andromeda House, Calleva Park,
Aldermaston RG7 8AN, United Kingdom
Tel: 01635 88 44 85
What we do with your personal data
We process personal data only for the purpose for which they are collected. The purpose is dependent on whether you use only our website, or additionally, our services.
If you use our services, we will necessarily collect elements of your personal data. We use this personal data for the provision of the service or the performance of the contract. We may use your personal data for other similar purposes, including marketing and communications, but that will only occur in the case we have your consent or another legal justification for doing so.
What personal data do we collect and how do we use it?
The personal data we collect and use depends on whether you just visit our website, use our services, or engage with us in other ways:
If you visit our website, you do not need to provide us with any personal data. However, your browser transmits some data automatically, such as the date and time of retrieval of one of our web pages, your browser type and settings, your operating system, the last web page you visited, the data transmitted and the access status, and your IP address. Some of this data is recorded on log files held on our secure web server, which is hosted at an enterprise grade facility in the EU.
We use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.
If we do want to collect personally identifiable information through our website, we will do so through the Contact Form on the website which is made available for the purposes of contacting us. Personal data gathered from this form will only be used for the purposes of contacting you and answering your questions, unless you have, or later form, a contractual or service relationship with us.
Google Analytics data will be retained for 38 months and then automatically deleted. Contact form data on our web server will be deleted every 12 months. Contact form data transferred as a part of offering and managing services will be retained according to our policy below.
Events, exhibitions and offers
If you engage with us at an event or exhibition, or respond in any way to an advertised service or offer, we will gather only such data as is sufficient to communicate with you about that service or offer. The record of your engagement with us will be treated in common with our Services policies and processes (see below).
If we are seeking to communicate details of other relevant offers and services using data gathered at an event, exhibition, or in response to other marketing communications from 25 May 2018 onwards, then we will seek your explicit opt in to do so.
We will not sell or gift any data gathered from you when responding to your enquiries.
Services and sales
If you use our services, or engage with us regarding the potential use of our services, we collect only sufficient personal data as required to fulfil the requirements of a contractual or service relationship, which may exist between you and our organisation.
Personal data used to fulfil the requirements of a contractual or service relationship will predominantly be managed using our organisation’s business management software, Dynamics and our accounts software, Sage all of which are securely hosted. We also use a funding provider, Macquarie, with whom we exchange only the personal data necessary to provide financial products for customers that explicitly request them. You can read the Macquarie Fair Processing Notice here.
Personal data in the form of contact details and correspondence will also be securely managed on our Office 365 environment which is managed to enterprise grade security levels by Microsoft.
Telephone calls are managed on our hosted unified communications platform, 8x8, unless received on a company mobile number given to you for the purposes of contacting an employee in the field. We will not record any telephone calls for training or other purposes unless we warn you in advance.
We may also use the 8x8 platform to invite you to virtual meetings, with audio, video and desktop share options. We will not record any virtual meetings, unless we receive your explicit permission to do so.
All personal data relating to any contractual or service relationship will typically be held for at least six years after the financial year in which the relationship commenced.
Voicemail data will typically be deleted within three months.
We use our business management software solution, Dynamics and an associated service, Click Dynamics, to deliver e-newsletters from time to time. We deliver these only to email addresses where we believe we have a legitimate interest in personal data. Each email contains clear instructions to opt out of further mailings. We regularly clear our lists of inactive and irrelevant data.
We gather statistics around email opening and clicks using industry standard technologies including clear gifs to help us monitor and improve our e-newsletter and to improve our understanding of whether our emails are valued by you.
Inactive personal data (email addresses for which there has been no discernible response over the previous 24 months at point of checking) will be removed from our active email marketing system lists at an annual review point every 12 months. To guarantee that your email preferences are respected, any personal data for which we have received an opt out request or repeat hard or soft bounces (failure to deliver) will be retained in a secure exclusion list for at least six years.
Job applications, current and past employment records
Double First Ltd is the data controller for the information you provide during job application processes, current employment and management of past employment records, unless otherwise stated.
Our primary means of handling recruitment processes is our Office 365 email system, telephone contact and an enterprise grade hosted management system, PeopleHR. Some records may be stored on restricted access areas of the company’s own servers and any paper records will be retained in a locked area of the office accessible only to the HR team.
The PeopleHR platform is our predominant means of handling current and past employment records and you can read about the measures take to secure your personal data here: https://security.peoplehr.com. Any necessary paper records will be retained in a locked area of the office accessible only to the HR team.
We utilise some HR services from a partner company, du Pré Ltd. It is contractually bound to our confidentiality and data security standards.
Recruitment and employment records are typically kept only for as long as necessary to fulfil our legal obligations, but no longer than six years after last contact.
How do we look after personal data
We limit the amount of personal data collected only to what is fit for the purpose, as described above. We restrict, secure and control all of our information assets against unauthorised access, damage, loss or destruction; whether physical or electronic. We retain personal data only for as long as is described above, to respond to your requests, or longer if required by law. If we retain your personal data for historical or statistical purposes, we ensure that the personal data cannot be used further.
While in our possession, together with your assistance, we try to maintain the accuracy of your personal data.
How can you access your personal data?
You have the right to request access to any of your personal data we may hold. If any of that information is incorrect, you may request that we correct it. If we are improperly using your information, you may request that we stop using it or even delete it completely.
Where you have previously given your consent to process your personal data, you also have the right to request that we port or transfer your personal data to a different service provider or to yourself, if you so wish.
Where it may have been necessary to get your consent to use your personal data, at any moment, you have the right to withdraw that consent. If you withdraw your consent, we will cease using your personal data without affecting the lawfulness of processing based on consent before your withdrawal.
Our Supervisory Authority
You have the right to lodge a complaint with any Supervisory Authority. See our Supervisory Authority contact details below
Information Commissioner's Office
Water Lane, Wycliffe House, Wilmslow, Cheshire SK9 5AF