Privacy Policy - Clients


PRIVACY INFORMATION NOTICE - CLIENTS

We are Peninsula Business Services Ltd (“Peninsula”), part of The Peninsula Group. In accordance with the General Data Protection Regulation (GDPR), Peninsula has implemented this privacy information notice to inform you, our current and former clients, of how Peninsula uses the personal data we collect from you.

When delivering our professional services such as employment law advice, health and safety services and legal representation, we are a Data Controller of the personal data that you supply to us under your contract with us.  When delivering our online platforms, such as Business Safe Online, we are a Data Processor.

We take our data protection responsibilities seriously and have data processing terms already in place in the terms and conditions of the Business Safe Online product, so we do not need a separate data processing agreement for this platform.

All employees that handle your personal data are trained in ensuring data is processed in line with the GDPR.

 

DATA PROTECTION PRINCIPLES

We will ensure that we:

  • process all personal data lawfully, fairly and in a transparent manner;
  • collect personal data for a specified, explicit, and legitimate purpose;
  • ensure the personal data we process is adequate, relevant and limited to what is necessary for the purposes for which it was collected;
  • ensure the personal data is accurate and up to date;
  • keep your personal data for no longer than is necessary for the purposes for which it was collected;
  • keep your personal data secure using appropriate technical or organisation measures.

 

TYPES OF DATA HELD

We hold the following types of data:

  • personal details such as name, address, phone numbers, job title, email addresses for the main contact and other contacts for the delivery of the service
  • personal details such as name, address, phone numbers, job title, email addresses, job description, salary, disciplinary and grievance records, annual leave records, sickness, family related leave, appraisal, performance information provided to us for the delivery of the service
  • gender, marital status, race, religion, trade union membership, information of any disability that employees may have or other medical information that is supplied to us for the purposes of delivering the service (advice, litigation etc)
  • IT service use including online service access records.

 

COLLECTING YOUR DATA

You provide several pieces of data to us directly when the contract is signed, during the onboarding process, during the contract and after the contract has ended.

We use a variety of computer systems to store client data, process it and make use of it for the provision of our services.

 

LAWFUL BASIS FOR PROCESSING

The information below categorises the types of data we process and our lawful basis for doing so.

Activity requiring your data

Lawful basis

Set up your account

Performance of the contract

Carry out the delivery of the services you have on your account

Performance of the contract

Ensuring payments are made under your account

Performance of the contract

Ensuring VAT and insurance premium tax is paid

Legal obligation

Carrying out checks in relation to your company status and validating the information supplied to us

Legal obligation

Making financial decisions in relation to entering both initial and subsequent contracts

Our legitimate interests

Making decisions about service delivery methods

Our legitimate interests

Ensuring efficient administration of contractual services to you

Our legitimate interests

Effectively monitoring the service provided including adherence to commitments and service entitlements

Our legitimate interests

Maintaining up to date records about you to ensure, amongst other things, effective correspondence can be achieved and appropriate contact points in place

Our legitimate interests

Dealing with legal claims made against us

Our legitimate interests

Preventing fraud

Our legitimate interests

Ensuring our administrative and IT systems are secure and robust against unauthorised access

Our legitimate interests

Recording of calls for training, monitoring & dispute resolution

Our legitimate interests

 

SPECIAL CATEGORIES OF DATA

Special categories of data are data relating to:

  • health
  • sex life
  • sexual orientation
  • race
  • ethnic origin
  • political opinion
  • religion
  • trade union membership
  • genetic and biometric data.

We process special categories of data when:

  • you have given explicit consent to the processing;
  • we must process the data in order to carry out our legal obligations;
  • to protect your vital interests or for reasons of substantial public interest;
  • you have already made the data public.

           

SOURCE OF DATA

The personal data that we hold about you will be received from yourself or others in your business during the onboarding process and during the lifetime of your account.

Peninsula receives referrals from other clients and purchases marketing lists from 118 Data Resource Ltd. More details about the data handling practices for 118 Data Resource Ltd are available on their website http://www.118information.co.uk/privacy/

 

CRIMINAL CONVICTION DATA

We will only collect criminal conviction data where it is appropriate to the provision of the services that you are contracted to receive.

 

WHO WE SHARE YOUR DATA WITH

Peninsula Business Services Ltd is one of several companies in The Peninsula Group. Several parts of The Group might be involved in delivering services to you. Data will be shared with these other companies to facilitate the delivery of all the services you are contracted to receive.

We will occasionally contact you regarding new and existing services that you do not currently receive that we think may help you. You have the right at any time to stop us contacting you regarding other products and services. Please email client.experience@peninsula-uk.com and ask for your contact details to be suppressed, and we will opt you out of marketing contact, or click on the ‘unsubscribe’ option on the bottom of our emails.

Data leaves the UK in the following circumstances:

1)         We offer a transcription service, currently provided by a trusted third party. Some of the transcribers are in the EEA and some are outside the EEA. If you do not use the optional transcription service, your data will not be sent to the transcribers.

If you need to know more about this arrangement, please do not hesitate to contact us at gdpr@peninsula-uk.com and we will be happy to advise you further. Please provide your account number so we can confirm the range of services you are contracted to receive.

2)         We make use of offsite servers (“cloud service providers”). If you would like to know more about our cloud service providers, please contact us at gdpr@peninsula-uk.com giving us your client account number.

 

PROTECTING YOUR DATA

We have an Information Security Team dedicated to protecting our IT assets, which includes ensuring all our systems are robustly secured.

 

RETENTION PERIODS

Record

Recommended Retention Period

Assessments under health and safety regulations and records of consultations with safety representatives and committees

Permanently

HMRC approvals

Permanently

Money purchase details

6 years after transfer or value taken

Health data

30 or 50 years

Litigation cases

7 years from the conclusion of the litigation case

All other data

7 years from the date the service contract with us terminates

 

CLIENT RIGHTS

You have the following data protection rights:

  1. To be informed via Privacy Information Notices such as this;
  2. Withdraw consent – if we rely on your consent to process your data then you can remove that at any point;
  3. Request access to the data we hold on you;
  4. Request rectification of any inaccuracies in the data we hold on you, however they come to light, to be corrected;
  5. Request erasure of data in certain circumstances;
  6. Restrict the processing of the data;
  7. Request a transfer of the data we hold on you to another party;
  8. You may object to your information being used for marketing purposes;
  9. And finally, to regulate any automated decision-making and profiling of personal data. Please note, however, that no decisions will be made about you by Peninsula solely on the basis of automated decision making.

 

EXERCISING YOUR RIGHTS

The Data Protection and Compliance Officer is:

 

Andrew Martin

Telephone       0844 892 2779

Email               gdpr@peninsula-uk.com

If you would like to exercise any of your GDPR rights (set out in the above section), please write to us or email us setting out the full nature of your request, identifying your client account number.

If you wish to request access to your data (“subject access request”). 

 

By post:

GDPR

Legal Services

Peninsula Business Services Ltd

The Peninsula

Victoria Place

Manchester

M4 4FB

 

By email: gdpr@peninsula-uk.com

 

More guidance about exercising your rights is available from the ICO

https://ico.org.uk/your-data-matters/

 

MAKING A COMPLAINT

If you have a concern regarding data protection or your GDPR rights, please contact us in the first instance so that we can investigate. Our address and email address are above. Please set out the nature of your concerns, provide your client account number and we will investigate.

If you are unhappy with our response to your request, the regulator of data protection in the UK is the Information Commissioner’s Officer (ICO).

You can find more information about your rights at

https://ico.org.uk/your-data-matters/

The ICO can be contacted on 0303 123 1113.

 

Suggested Resources