The General Data Protection Regulation (GDPR) took effect in the UK in May 2018. It replaced the existing law on data protection (the Data Protection Act 1998) and gives individuals more rights and protection in how their personal data is used by organisations.
SEL Business Languages Ltd (referred to below using ‘SELBL’, ‘we’, ‘the company’ , ‘us’, ‘our’) was compliant with the Data Protection Act and that has been extended to include GDPR.
SELBL is fully registered for GDPR with the overseeing body in the UK, the Information Commissioner’s Office and has its own security number allocated under the appropriate organisation category.
SELBL respects individuals’ and freelances’ privacy and protects their personal data.
This privacy notice informs you how we look after current and new freelances’ personal data, and how the law protects you.
This notice applies to the systems and controls used for the private identification, storage, protection, retrieval, retention and disposal of all personal data, held in electronic or paper copy, by which SELBL delivers its services. In addition, it lays down what happens to the data once the purpose for which the data was originally collected has ended, and our position in the event of personal data being breached or lost.
The scope extends to all activities within SELBL which require the private recording and storage of data, activities which may be performed both internally by SELBL staff and externally by SELBL freelances.
Under the regulation, SELBL affords individuals, with regard to their own personal data, the legal right to:
- Be informed
- Have access
- Make an objection
- Request rectification
- Request return
- Request erasure
- Be excluded from automated, profiling data analysis.
All personal data which is provided on request by SELBL is free of charge. All personal data collected by us is in line with and relevant to the purpose for which it was originallycollected.
No personal data is required or collected relating to children.
No personal data is collected relating to individuals visiting or surfing our website, unless information is willingly sent to us via our website Contact Us form.
However, our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements.
SELBL has a data processor, Blanka, who is responsible for the safe storage, accessibility and deletion of personal data generated or received by her, as well as for performing the best-suited course of action in the event of data loss or a data breach.
Any questions regarding the use of personal data by us should be addressed to her.
We also have a data controller which is SELBL the company itself, represented by Mr G. McLeish, who controls processing and holds responsibility for data protection compliance.
Freelances’ data is primarily stored in a Microsoft-hosted, cloud-based, encrypted database, which is regularly updated and upgraded.
Where our data processor has requested such, or an individual prospecting for work has forwarded it, the latest version of a freelance’s CV is retained either in hard-copy or electronic format.
Confidentiality and security of personal data shall be respected, maintained and ensured at all times, in both hard and soft copy.
In the case of a prospective enquiry for work by a freelance, the companyshall assume that s/he has given his/her consent to their details being stored in SELBL’s records unless we have received a request to the contrary.
In the case of the company requesting a given freelance’s details for work, we shall expressly seek consent from the individual that their details may be obtained and stored by us for the purpose those details will serve.
We shall irretrievably delete a freelance’s details from our records if instructed to do so by the freelance who owns such details, either verbally or in writing, and record the date on which this takes place.
Such deletion shall comprise the specific details requested under (4.0) from the date of the request forwards, but shall not extend backwards to any data relating to any earlier dealings with the individual freelance.
The data controller may decide to delete a freelance’s personal data for quality reasons. The date on which this takes place shall be recorded.
Individual data on freelances is kept for a minimum period of 3 years, and thereafter for as long as the likelihood exists of such work being commissioned by SELBL which relates to an individual’s data.
It is important that the personal data we hold is accurate and current. Freelances are expected to keep us informed if personal data changes during their relationship with us.
4.0 What is covered
The information we hold in terms of personal data serves to deliver our language services, process payments and maintain communications.
We do not use personal data for marketing, sharing with third parties or any form of identification which is outside the reasons given in the last paragraph. Unless this is required by law, for example Inland Revenue purposes.
We do not collect or require personal data which is irrelevant to our language services such as race, ethnicity, religion, sexual or political orientation, biometrics.
The breakdown of personal data that we may hold is listed below.
- Identity data – first name, last name and title, academic and professional qualifications, institute membership, training records.
- Contact data– email address, home address, telephone numbers.
- Financial data– bank account details, payment rate, tax code, transaction details.
5.0 Data security
The personal data as indicated above which is held by us is stored on an encrypted Microsoft cloud-based server, provided through our Microsoft OneDrive subscription. Microsoft are responsible for performing all security measures and the service is regularly upgraded to the latest level of protection.
SELBL similarly has security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to only such member/s of staff who have a need to know relevant to our business.
We have a procedure to deal with any suspected breach of personal data and will notify you and any applicable regulator of a breach where we are legally required to do so.