Privacy Policy
Introduction
Bellingham Employment Partners has established a general Privacy Information Statement concerning the services and data we collect from clients in compliance with the General Data Protection Regulation (GDPR). Bellingham Employment Partners values your privacy and is dedicated to safeguarding your personal data. This privacy statement will inform you about how we manage the personal data you provide when entering into a service agreement with us.
Important Information And Who We Are
Purpose of this Privacy Statement
This privacy statement aims to provide information on how Bellingham Employment Partners collects and processes the personal data you supply when entering into a contract for Employment Law, HR, and Health & Safety services.
Controller
Bellingham Employment Partners is the controller and is responsible for your personal data (collectively referred to as the “Company,” “we,” “us,” or “our”) in this privacy statement.
We have appointed a Data Privacy Manager responsible for addressing any questions related to this privacy policy. If you have any inquiries about this privacy statement or requests to exercise your legal rights, please contact the Data Privacy Manager using the details provided below.
Contact Details
If you have any questions about this privacy policy or our privacy practices, please reach out to our Data Privacy Manager in the following ways:
- **Full Name of Legal Entity:** Bellingham Employment Partners
- **Email Address:** info@bellinghamemploymentpartners.com
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues ([www.ico.org.uk](http://www.ico.org.uk)). However, we would appreciate the opportunity to address your concerns before you approach the ICO, so please contact us in the first instance.
Changes to the privacy policy and your duty to inform us of changes
We keep our website privacy policy and privacy statement under regular review.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
The Data We Collect About You
We collect a range of personal data from our clients to assist us in delivering the agreed services under the contract. Additionally, we store data within our computer systems, such as general day-to-day Employment Law and HR advice provided as part of our advisory service, along with documents shared with clients under our service, like employment contracts. This does not include data where the identity has been removed (anonymous data).
We may collect, use, and store various types of personal data from our clients, including:
- **Contact Data:** This includes personal details such as names, addresses, phone numbers, job titles, and email addresses for the main contact and additional contacts necessary for service delivery.
- **Identity Data:** This encompasses personal details of any employees of our clients, including names, addresses, phone numbers, job titles, email addresses, job descriptions, salaries, disciplinary and grievance records, annual leave records, criminal convictions, sickness records, family-related leave, appraisals, performance information, gender, marital status, race, religion, trade union membership, and any disability or medical information provided to us for the purpose of delivering our services, including day-to-day advice and conducting Employment Tribunal litigation on behalf of clients.
- **Financial Data:** This consists of bank account and payment card details.
- **Transaction Data:** This includes information about payments to and from clients, along with details of products and services clients have purchased from us.
- **Usage Data:** This contains information about how clients use our products and services.
- **Marketing and Communications Data:** This involves client preferences regarding marketing communications and contact preferences.
We also collect Special Categories of Personal Data about employees of clients, including details related to race or ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership, health information, and genetic and biometric data.
We process the special category data mentioned above to deliver advisory services concerning employment and health and safety legislation. This data will be provided to us or requested by us to ensure that clients receive appropriate advice and support.
More commonly, we will process special categories of data when the following conditions apply:
- Clients have provided explicit consent for the processing.
- We need to process the data to fulfil our legal obligations.
- We must process the data for reasons of substantial public interest.
- Clients have already made the data public.
We will only collect data regarding criminal convictions when it is pertinent to the services you are contracted to receive. This data is typically gathered at the advisory stage or during litigation but may be collected at any point during the contract if necessary. We utilise criminal conviction data to manage potential or future litigation involving client employees and workers, as well as to inform the advice and services we provide to clients. We rely on the lawful basis of legitimate interest to process this data.
If you fail to provide data
If we are required to collect data by law or under the terms of a contract with a client, and the client fails to provide that data upon request, we may be unable to fulfil the contract we have or are attempting to enter into. In such instances, we may need to cancel a product or service provided to the client, and we will inform them of this at the time.
How Is Data Collected?
We gather data from clients through direct interactions, such as completing forms or corresponding with us via post, telephone, email, or other means. This data is collected at the time the contract is signed, during the onboarding process, throughout the duration of the contract, and even after the contract has ended.
How We Use Your Personal Data
We will only use data clients have provided to us when the law allows us to. Most commonly, we will use client data in the following circumstances:
- Where we need to perform the contract, we are about to enter into or have entered into with a client.
- Where it is necessary for our legitimate interests (or those of a third party) and a client’s interests and fundamental rights do not override those interests.
- Where we need to comply with a legal obligation. Generally, we do not rely on consent as a legal basis for processing client personal data, although we will get consent before sending third-party direct marketing communications to you via email or text message. Any client has the right to withdraw consent to marketing at any time by contacting us.
Purposes for which we will use client data
Below, we have outlined a table describing all the ways we intend to use client personal data, along with the legal bases we rely on for each purpose. We have also identified our legitimate interests where applicable.
Please note that we may process client personal data under multiple lawful grounds, depending on the specific purpose for which we are using the data. If you require details about the specific legal grounds we are relying on to process client personal data when more than one ground is mentioned in the table below, please contact us.
-
Client Registration and Account Setup
- Data Types:
- Identity Data
- Contact Data
- Lawful Basis: This is processed under the performance of a contract with the client.
- Data Types:
-
Delivery of Services
- Data Types:
- Identity Data
- Contact Data
- Lawful Basis: This is also processed under the performance of a contract with the client.
- Data Types:
Payment Management
- Data Types:
- Contact Data
- Financial Data
- Transaction Data
- Lawful Basis:
- Performance of a contract with the client.
- Necessary to comply with a legal obligation.
- Necessary for legitimate interests, such as maintaining updated records and analyzing customer usage of products/services.
-
Contractual Administration and Record Maintenance
- Data Types:
- Contact Data
- Identity Data
- Usage Data
- Lawful Basis:
- Performance of a contract with the client.
- Necessary for legitimate interests, including studying customer usage, product development, and business growth.
- Data Types:
-
Business and IT System Protection
- Data Types:
- Identity Data
- Contact Data
- Lawful Basis: Necessary for legitimate interests, such as business operations, administration, IT service provision, network security, fraud prevention, and business restructuring.
- Data Types:
-
Website Content and Advertising
- Data Types:
- Identity Data
- Usage Data
- Marketing and Communications Data
- Lawful Basis: Necessary for legitimate interests, including studying customer usage, developing products/services, business growth, and marketing strategy formulation.
- Data Types:
-
Recommendations for Products and Services
- Data Types:
- Contact Data
- Usage Data
- Marketing and Communications Data
- Lawful Basis: Necessary for legitimate interests, focusing on product/service development and business growth.
- Data Types:
Marketing
We strive to provide clients with choices regarding certain personal data uses, particularly around marketing and advertising.
Promotional offers from us
We may utilize client Contact and Usage Data to assess what we believe a client might want or need, as well as what could be of interest to them. This process helps us determine the relevant products, services, and offers for each client, which we refer to as marketing.
Clients will receive marketing communications from us if they have either requested information or purchased services from us, provided they have not opted out of receiving such marketing materials.
Third-party marketing
We will get an express opt-in consent from any client before sharing client’s personal data with any third party for marketing purposes.
Opting out
A client can ask us or third parties to stop sending you marketing messages at any time by contacting us at any time.
Where a client opts out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product/service purchase, product/service experience or other transactions.
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you, and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Disclosures Of Client Personal Data
We may disclose client personal data to the parties listed below: External Third Parties as defined in the Glossary. We ensure that all third parties uphold the security of client personal data and handle it in compliance with the law. Our third-party service providers are not permitted to use client personal data for their own purposes; they can only process this data for specified purposes and according to our directives.
International Transfers
We do not transfer client personal data outside the European Economic Area (EEA).
Data Security
We have implemented suitable security measures to protect client personal data from accidental loss, unauthorized use or access, alteration, or disclosure.
Furthermore, access to your personal data is restricted to employees, agents, contractors, and other third parties who need to know it for business purposes. They will process client personal data only according to our instructions and are bound by a duty of confidentiality.
We have established procedures to address any suspected personal data breaches and will inform you and any relevant regulator of a breach when we are legally obligated to do so.
Data Retention
How long will you use client personal data for?
We will only retain client personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We will retain client data for the duration of the service agreement and may retain data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with any client.
To determine the appropriate retention period for client personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of client personal data, the purposes for which we process client personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
By law we have to keep basic information about our customers (including Contact, Financial and Transaction Data) for 6 years after they cease being customers for tax purposes.
In some circumstances you can ask us to delete your data: see client legal rights below for further information.
Client Legal Rights
Under certain circumstances, clients have rights under data protection laws in relation to your personal data.
- Request access to your personal data.
- Request correction of your personal data.
- Request erasure of your personal data.
- Object to processing of your personal data.
- Request restriction of processing your personal data.
- Request transfer of your personal data.
- Right to withdraw consent.
If you wish to exercise any of the rights set out above, please contact us.
No fee usually required
A client will not have to pay a fee to access their personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if a request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with a request in these circumstances.
What we may need from you
We may need to request specific information from a client to help us confirm their identity and ensure their right to access their personal data (or to exercise any other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact a client to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if a request is particularly complex or a client has made a number of requests. In this case, we will notify clients and keep them updated.
Glossary
LAWFUL BASIS
Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.
Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.
Comply with a legal obligation means processing your personal data where it is necessary for compliance with a legal obligation that we are subject to.
THIRD PARTIES
External Third Parties
- Service providers who provide IT and system administration services.
- Professional advisers acting as processors or joint controllers including lawyers, bankers, auditors and insurers based in the United Kingdom who provide consultancy, banking, legal, insurance and accounting services.
- HM Revenue & Customs, regulators and other authorities acting as processors or joint controllers based in the United Kingdom who require reporting of processing activities in certain circumstances.
YOUR LEGAL RIGHTS
You have the right to:
Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
- If you want us to establish the data’s accuracy.
- Where our use of the data is unlawful but you do not want us to erase it.
- Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
- You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.