At FirstFound, we’re committed to protecting and respecting your privacy. We welcomed the introduction of GDPR on 25 May 2018 as such a significant milestone in data protection.
This Policy tells you how we collect, use and protect your information when you visit our websites and when you use our products and services.
We may change this Policy from time to time so please check this page occasionally to ensure that you’re happy with any changes. This policy was last updated on 14 August 2019.
Any questions regarding this Policy and our privacy practices should be sent by email to firstname.lastname@example.org or by writing to The Privacy Officer, FirstFound, St. James’s Buildings, Oxford Street, Manchester M1 6FQ
Who we are
This website is operated by FirstFound which is a trading name of Leven Consultants Ltd (a company registered in England & Wales, number 3710736). Our registered address is St. James’s Buildings, Oxford Street, Manchester M1 6FQ
How do we collect information from you?
The information we collect about you will depend on what interaction we have with each other.
Visitors to our Website
Visitors to our website who do not complete any of our enquiry forms will remain anonymous to us and we will not obtain any of your personal information.
We do use Google Analytics to measure traffic across our websites. We do this to help make sure the site is meeting the needs of its visitors and to help us make improvements. Google Analytics stores information such as how visitors reached our site, what pages they visit, how long they spend on the site and what type of browser they were using.
If you complete any of our contact or information request forms, you will be passing the information you enter to us. We will use that information to respond to you. If the information you request is about one of our products or services we will send you information about those products or services and this will be considered to be marketing to you. The lawful basis on which we process your data to market to you is that it is in our legitimate commercial interests to do so.
If you become a customer of ours we will obtain personal information from you during the course of your purchase and subsequently whilst we provide that service to you.
The type of personal information we may collect will be:
Your name, your email address and your telephone numbers. We will also collect information about your business, some of which may also be personal information. This may include your address and your payment information. The basis on which we will process this information is to fulfil our contractual obligations to you.
We may also use your personal data to provide you with details of additional products or services which we believe may be of interest to you. The lawful basis on which we process your data to market to you is that it is in our legitimate commercial interests to do so.
We may also use your personal information to invite you give your comments on the products and services you purchase from us so that we can improve those products and services. The lawful basis on which we process your data to market to you is that it is in our legitimate commercial interests to do so.
If you cease to be a customer we will need to retain some of your personal data to fulfil our accounting and other obligations. We will retain your data for six years after the end of the accounting period in which you had any financial dealings with us. Our accounting period ends at the end of February. The basis on which we will retain your data is under a legal obligation.
After this period your personal data will be completely deleted with the exception of the following business information which may be the same as your personal information if you do not have a separate business name, or trade from home, or use your personal telephone numbers, or paid us personally:
- Your business name
- Your business address
- Your business telephone numbers
We retain this information so that we do not market to you and do so as it is in our legitimate interests to do so.
We will also retain records of the payments that you made to us in respect of your business and if you made those payments from your personal bank account that would also constitute personal information. The basis on which we will retain this data is under a legal obligation.
In the course of marketing to you, we may obtain some personal information. The lawful basis on which we process this data is that it is in our legitimate commercial interests to do so. This information will never be disclosed to any third parties and you can request that we delete the information or do not market to you at any time. If you request that we do not market to you we will retain the information necessary to ensure that we do not contact you and only use that information for that purpose. To update your preferences in regards to marketing please email email@example.com
We record some telephone calls for training purposes and personal information may be disclosed by you in such telephone calls. These telephone calls are available for review by our Management team only and are automatically deleted after 45 days. The lawful basis on which we record telephone calls is that it is in our legitimate commercial interests to do so.
Visitors to our Offices
Visitors to our premises may be recorded on our CCTV. Recordings are normally deleted after 30 days. The lawful basis on which we record CCTV is that it is in our legitimate commercial interests to do so.
The information you provide during a job application will only be used for the purpose of progressing your application, or to fulfil legal or regulatory requirements if necessary. If your application is successful the information you provide during the application process will form part of your employment file.
If your application is unsuccessful we will retain your information for a period of time not exceeding one year from the closure of the recruitment campaign so that we can contact you if a role similar to the one you applied for becomes available.
Who has access to the information you give us?
We will not sell or rent your information to third parties and we will not share your information with third parties for marketing purposes.
Your payment information will be processed through secure third parties including Credit Card merchants, providers and banks. Only the information necessary to process your payment will be processed in this way.
Our website features the products and services of third party providers such as Google, Bing, Yahoo, Facebook and Twitter. Where a service is to be provided by a third party, your information may be shared with that third party for the purposes of delivering that service to you.
Where an external third party is based outside the European Economic Area (EEA) we will only transfer your personal data to them if they are based in a country that has been deemed to provide an adequate level of protection for personal data or we will use specific contracts approved by the European Commission which give personal data the same protection it has in Europe with our services providers or we may transfer data to US based service providers under the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US.
We may also be obliged to disclose your personal information to meet any legal requirements or obligations in accordance with the law.
How you can access your information
If you would like a copy of any of the information we hold about you, please email us at firstname.lastname@example.org or by writing to The Privacy Officer, FirstFound, St. James’s Buildings, Oxford Street, Manchester M1 6FQ.
If you provide a brief outline of what information you would like this will enable us to provide the information more quickly.
We will take reasonable steps to confirm your identity before providing you with details of any personal information we hold about you.
Security precautions in place to protect your information
When you give us personal information, we take steps to ensure that it’s treated securely. Any sensitive information (such as credit card or bank details) is encrypted to industry standards.
Emails are not encrypted and may route through a number of countries before being delivered as this is how the Internet works. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us by email.
The information we hold is held within our offices and uses industry standard security measures to ensure it is safe.
If you contact us through a social media platform such as Facebook or Twitter, your information will be recorded by that platform.
Where we have given you a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential.
Links to other websites
Your rights under GDPR
You have eight rights under GDPR as follows:
The right to be informed
The right of access
Individuals have the right to access their personal data and we will comply with any such requests.
The right to rectification
Individuals have the right to have inaccurate personal data rectified and we will rectify any information that is incorrect when you bring it to our attention.
The right to erasure
Individuals have the right to have personal data erased. We will comply with any such requests unless we are processing your data under a contract or legal obligation (for example if you are or were a customer).
The right to restrict processing
Individuals have the right to request the restriction or suppression of their personal data. This only applies in certain circumstances and if you make such a request we will consider those circumstances.
The right to data portability
Individuals have the right to obtain and reuse their personal data for their own purposes across different services. It is unlikely that there would be circumstances where this would apply with the personal data we hold.
The right to object
Individuals have the right to object to processing based on legitimate interests and we will comply with all such objections.
Rights in relation to automated decision making and profiling.
The GDPR has provisions on automated individual decision-making and profiling. We do not use automated decision making or profiling.
More information on these rights is available at www.ico.org.uk
If you think we have breached any of your rights then please email email@example.com and we will rectify things.
If you think we have breached your rights you can also complain to a Supervising Authority although we would appreciate being given the opportunity to rectify things before you do so. The Supervising Authority in the UK is The Information Commissioner’s Office (www.ico.org.uk)
Review of this Policy
We keep this Policy under regular review. This Policy was last reviewed in August 2019.