T4 Communications UK Ltd T/A Rightcheck (“We”) are committed to protecting and respecting your privacy.
The rules on processing of personal data are set out in the General Data Protection Regulation (the “GDPR”).
Data controller – A controller determines the purposes and means of processing personal data.
Data processor – A processor is responsible for processing personal data on behalf of a controller.
Data subject – Natural person
Categories of data: Personal data and special categories of personal data
Personal data – The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier (as explained in Article 6 of GDPR). For example name, passport number, home address or private email address. Online identifiers include IP addresses and cookies.
Special categories personal data – The GDPR refers to sensitive personal data as ‘special categories of personal data’ (as explained in Article 9 of GDPR). The special categories specifically include genetic data, and biometric data where processed to uniquely identify an individual. Other examples include racial and ethnic origin, sexual orientation, health data, trade union membership, political opinions, religious or philosophical beliefs.
Processing – means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Third party – means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
2. About us
Rightcheck is the data controller. This means we decide how your personal data is processed and for what purposes. For all data matters, please email firstname.lastname@example.org
3.The purpose(s) of processing your personal data
We use your personal data for the following purposes:
Customer Support: We use your information to support you in your use of our products and services. This includes the use of personal information to diagnose product problems, rectify erroneous transactions and provide other customer support related services.
Customer engagement and communication: We use your information to communicate with you via email, SMS text or other electronic media for instance on service‐related matters, such as invoices. Other instances where we engage with you include confirming the opening of an account, resolving complaints, and asking you to take part in one of our surveys.
Marketing. We would like to send you information which may be of interest to you, about our products and services and those of other companies (in so far as you have consented to this) that may be of interest to you. We communicate with you via email, SMS text or other electronic media. You have the right at any time to stop us from contacting you for marketing related purposes. Depending on your preferences, you can unsubscribe, or email email@example.com
Improving and personalising our products and services. We use your personal information to improve our products and services. Clicking behaviour and search results on our website can for instance help us to prioritise or identify new product features.
4.The categories of personal data concerned
With reference to the categories of personal data described in the definitions section, we process the following categories of your data:
We have obtained your data either through a form on our website (you gave us your data and supplied explicit consent), obtained through a third-party mailing list provider, or collected at some point in the past as a result of our various marketing initiatives.
5.Our legal basis for processing your personal data
Consent: Consent will have been given when filling out one of our online forms, such as a contact form, blog subscription, or newsletter subscription. You will have been required to tick a box giving explicit consent for us to store and process your data for the purposes of contacting you regarding sales and marketing materials.
Legitimate Interest: All employers, irrespective of size or sector are required to prevent the employment of illegal workers by undertaking right to work checks. Rightcheck provides organisations with a mechanism to enable these checks to be undertaken with ease across the entire recruitment activity of the organisation and in the process establish a statutory excuse from any potential prosecution. Therefore, we process data for the purposes of legitimate interests. As we provide a business solution (B2B), we believe that businesses have a legitimate interest in the services that we provide. We process your personal data as a contact point for your business. We will always provide the option to opt-out on each of our electronic communications.
6.Sharing your personal data
Your personal data will be treated as strictly confidential and will only be shared with employees within Rightcheck for the purposes explained above. We do not share/sell/store your personal data outside of Rightcheck.
7.Data retention policy
We keep your personal data for no longer than reasonably necessary using the following criteria:
If you have provided your consent for processing to provide you with a blog/newsletter subscription, we will retain your personal information until you explicitly request for it to be removed.
If we have received your data from a contact form or external mailing list, we will retain your data until either we are made aware that the data is no longer accurate, or you have explicitly requested for it to be erased.
8.Providing us with your personal data
You are under no statutory or contractual requirement or obligation to provide us with your personal data. If you choose not to provide your personal data:
We will be unable to send you newsletters/blog updates
We will be unable to send operational updates to you, for example, changes to our website or services
9.Your rights and your personal data
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data:
The right to request a copy of the personal data which we hold about you;
The right to request that we correct any personal data if it is found to be inaccurate or out of date;
The right to request your personal data is erased where it is no longer necessary to retain such data;
The right to withdraw your consent to the processing at any time, where consent was your lawful basis for processing the data;
The right to request that we provide you with your personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), (where applicable i.e. where the processing is based on consent or is necessary for the performance of a contract with the data subject and where the data controller processes the data by automated means);
The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing;The right to object to the processing of personal data, (where applicable i.e. where processing is based on legitimate interests (or the performance of a task in the public interest/exercise of official authority); direct marketing and processing for the purposes of scientific/historical research and statistics).
10.Transfer of Data Abroad
We do not transfer personal data outside of the EEA.
If we wish to use your personal data for a new purpose, not covered by this Data Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions.
13.How to contact us
If you would like more information about how we use and store your data, or would like to complaint, please email firstname.lastname@example.org
If this does not resolve your issue, you can contact the Information Commissioner’s Office (ICO).
Crowe UK LLP ("Crowe", "we" or "us"), is a Limited Liability Partnership incorporated in England and Wales with registered number OC360767. The Registered Office is at St Bride’s House, 10 Salisbury Square, London EC4Y 8EH.
Crowe Track my Trip is dedicated to protecting the confidentiality and privacy of information entrusted to it and complies with the Data Protection Act 1998. By downloading the App and submitting information to us you are agreeing to the collection and use of your personal information as described in this Privacy Statement.
1.1 The type of information we collect from users
To use the App, you will need to set up a user account which allows you secure access. To create this account, you will need to provide your first name, surname, and email address. During the use of the App we will collect information about your location and limited data confirming the nature of any tracked trip.
Currently we do not collect any personal information from you when you install this App, including information about your Device.
1.2 Uses of collected information
We will use your personal data only for the purpose for which it was collected (so that you can download and use the App) or as may reasonably be expected. The system uses location data that is captured by your cell phone as you change location. This information is used by TmT to store information about your journeys which, combined with limited data that you are asked to enter or confirm by the app, is used to help you and Crowe manage their and sometimes your obligations under the applicable tax, social security and immigration legislation and regulations around the world. We will obtain your specific consent to other uses, or unless otherwise required or permitted by law or professional standards.
We may share personal data that you submit to us through the installation or use of this App to other member firms in the Crowe network of firms or to subcontractors working on our behalf (including transfers across geographical borders) in accordance with our data protection obligations.
We do not disclose your personal data except as required and permitted by applicable law.
We do not sell your personal data or provide it to third parties for their direct marketing use.
We may use anonymised data to review how the App is being used and how it can be improved.
1.3 Data security and storage
Crowe Track my Trip has appropriate technical and organisational security policies and procedures in place to protect personal data and information from loss, misuse, alteration, or destruction. Any information you provide will be stored on the Amazon Web Services cloud environment in Ireland within its own private network (usually referred to as a 'Virtual Private Cloud') which is wholly managed by Crowe Track my Trip.
Additionally, we aim to ensure that access to your personal data is limited to those who need to access it, in this case a limited amount of Crowe Track my Trip employees who manage the App and database or provide technical support. Those individuals who have access to the data are required to maintain the confidentiality of such information.
Please be aware that the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data which is transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
1.4 Access to collected information
As described above, the personal information we hold is limited to your first name, surname, email address and information about your home location and overseas trips you have made. You may request a copy of this personal data (as defined in the Data Protection Act 1998) that we keep about you, and to have any inaccurate information about you corrected. If you wish to make such a request or you are concerned that any of the information we possess about you is incorrect, please contact us at email@example.com
1.5 Changes to this policy
Crowe Track my Trip keeps this Privacy Statement under regular review and will place any updates to it on the page from where you downloaded the App. This Privacy Statement was prepared in October 2019.
1.6 Contacting Us
If you have questions, comments or complaints about our handling or protection of your personal data, please contact us at firstname.lastname@example.org
Data Protection Policy – Data Processors (for clients)Updated 24/05/2018
This addendum reflects the processor obligations contained in the GDPR and forms an integral part of the contract between Crowe Track my Trip and the Subscriber (you).
1.1. In this policy, the following words and phrases will have the following meanings:
Data Protection Law: all applicable legislation protecting the fundamental rights and freedoms of individuals in relation to their personal data and right to privacy (including, but not limited to, the GDPR) as amended and updated from time to time
GDPR: the General Data Protection Regulation (Regulation (EU) 2016/679) of the European Parliament and the Council of 27 April 2016, and ‘Articles’ refers to the articles of the GDPR
1.2. Any reference to an “Article” or to “Articles” is a reference to an Article or to Articles of the GDPR.
1.3. The terms ‘personal data’, ‘data subject’, ‘processor’, ‘controller’, ‘processing’, ‘personal data breach’ ‘pseudonymisation’ ‘special categories of data’ and ‘supervisory authority’ have the meanings set out in Article 4.
2.1. Whenever CROWE TRACK MY TRIP processes personal data on the Subscriber’s behalf: (a) the Subscriber shall be the controller and CROWE TRACK MY TRIP shall be the processor in respect of such personal data; and (b) CROWE TRACK MY TRIP shall only process such personal data on the documented instructions from the Subscriber and in full compliance with this policy and any obligations imposed on CROWE TRACK MY TRIP by applicable Data Protection Law.
2.2. The Subscriber warrants that to the extent of its reasonable knowledge and belief, any disclosure of personal data to CROWE TRACK MY TRIP for processing in connection with the Services complies with all relevant Data Protection Law, and that that all instructions given by it to CROWE TRACK MY TRIP in respect of personal data shall at all times be in accordance with Data Protection Law.
2.3. CROWE TRACK MY TRIP shall inform the Subscriber on becoming aware of any instruction from the Subscriber in relation to the processing of personal data which, in CROWE TRACK MY TRIP’s reasonable opinion, infringes Data Protection Law.
3.1. Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk to the rights and freedoms of natural persons, CROWE TRACK MY TRIP shall implement and maintain appropriate technical and organisational measures to ensure a level of security appropriate to the risk including, but not limited to, the following (as appropriate):
(a) the pseudonymisation and encryption of personal data;
(b) CROWE TRACK MY TRIP’s ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
(c) CROWE TRACK MY TRIP’s ability to restore the availability and accessibility of personal data in a timely manner in the event of a physical or technical incident;
(d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing; and
(e) providing any assistance the Subscriber reasonably requires in order for it to implement appropriate technical and organisational measures to protect its personal data.
3.2. In assessing the appropriate level of security measures to be taken under paragraph 3.1, CROWE TRACK MY TRIP shall take account of the risks that are presented by the processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed.
3.3. CROWE TRACK MY TRIP shall ensure that its employees and any other persons with access to personal data CROWE TRACK MY TRIP processes on behalf of the Subscriber are made aware of their data protection and security obligations and do not process such personal data except in accordance with the Subscriber’s instruction
4.2. Where CROWE TRACK MY TRIP engages a sub-processor to carry out specific processing activities on behalf of the Subscriber, CROWE TRACK MY TRIP shall ensure that that sub-processor only does so on terms equivalent to those to which CROWE TRACK MY TRIP is itself subject under this policy (and any other agreement between CROWE TRACK MY TRIP and the Subscriber). In particular, CROWE TRACK MY TRIP shall ensure the any sub-processor provides sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of the GDPR (including the requirements relating to security, integrity and confidentiality). Where that other processor fails to fulfil its data protection obligations, CROWE TRACK MY TRIP shall remain fully liable to the Subscriber for the performance of those obligations.
5. REQUESTS FROM DATA SUBJECTS AND SUPERVISORY AUTHORITIES
5.1. If a data subject makes a request relating to the exercise of his or her legal rights in relation to personal data, CROWE TRACK MY TRIP shall provide the Subscriber with any information and assistance reasonably required by the Subscriber in order to:
(a) respond to a subject access request by a data subject;
(b) erase personal data in accordance with the data subject’s right to erasure;
(c) allow the data subject to exercise his or her right to restrict processing;
(d) notify any persons who have received personal data about any rectification, erasure or restriction of processing which has taken place at the request of a data subject;
(e) provide the data subject with a copy of his or her data in a structured and common electronic format; or
(f) give effect to the data subject’s rights (under Articles 21 and 22) to object to profiling, automated decision-making and/or processing for direct marketing purposes.
5.2. Information and assistance provided by CROWE TRACK MY TRIP under paragraph 5.1 of this policy shall be given without undue delay and in such time as the Subscriber reasonably requires in order to comply with its obligations under Data Protection Law.
5.3. CROWE TRACK MY TRIP shall also cooperate with any requests by a supervisory authority.
6. PERSONAL DATA BREACHES AND NOTIFICATION
6.1. If CROWE TRACK MY TRIP becomes aware of a personal data breach relating to any personal data processed on behalf of the Subscriber, CROWE TRACK MY TRIP shall:
(a) notify the Subscriber without undue delay upon becoming aware of the breach and provide details of the nature of the personal data breach, including where possible:
(i) the categories and approximate number of data subjects concerned and the categories and approximate number of personal data records concerned;
(ii) the name and contact details of CROWE TRACK MY TRIP’s data protection officer or other contact from whom more information can be obtained;
(iii) (so far as CROWE TRACK MY TRIP is able to provide) details of the likely consequences of the personal data breach; and
(iv) measures CROWE TRACK MY TRIP has taken or proposes to take to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effect.
(b) provide the Subscriber with such information and assistance as it requires in relation to the personal data breach (including in relation to action to remedy or mitigate the breach); and
(c) document the personal data breach and any related action taken by CROWE TRACK MY TRIP.
7. DATA PROTECTION OFFICERS AND PRIVACY IMPACT ASSESSMENTS
7.1. CROWE TRACK MY TRIP shall ensure that before processing personal data on behalf of the Subscriber it communicates details of its data protection officer to the Subscriber.
7.2. Taking into account the nature of the processing and the information available to CROWE TRACK MY TRIP, CROWE TRACK MY TRIP shall provide the Subscriber with such information and assistance as the Subscriber reasonably requires in order to:
(a) carry out any privacy impact assessments (under Article 35);
(b) consult with a supervisory authority prior to processing (under Article 36); and/or
(c) meet any obligations under Data Protection Act 1998 which derive from the activities described in paragraph 7.2(a) and 7.2(b).
8. DELETION AND RETURN OF DATA
At end of contract between CROWE TRACK MY TRIP and the Subscriber, CROWE TRACK MY TRIP shall (at the Subscriber’s option) delete or return all personal data CROWE TRACK MY TRIP has processed on its behalf, and any copies of such personal data, unless CROWE TRACK MY TRIP is required to store such copies to comply with a legal requirement (in which case CROWE TRACK MY TRIP may store such copies to the extent necessary to comply with applicable law).
9. RECORDS, AUDITS AND INSPECTIONS
9.1. CROWE TRACK MY TRIP shall maintain a written record of all categories of processing activities carried out on behalf of the Subscriber, containing:
(a) the names, contact details and (where applicable) data protection officer details for the Subscriber, CROWE TRACK MY TRIP and any sub-processors appointed by CROWE TRACK MY TRIP;
(b) the categories of processing carried out on behalf of the Subscriber
(c) where applicable, details of transfers of personal data to a third country or an international organisation, including the identification of that country or organisation and the documentation of suitable safeguards; and
(d) a description of the technical and organisational security measures referred to in paragraph 3.1 of this policy.
9.2. CROWE TRACK MY TRIP shall make the records referred to in paragraph 9.1 available to the supervisory authority on request.
10. INTERNATIONAL TRANSFERS
10.1. CROWE TRACK MY TRIP shall not transfer any of the Subscriber’s personal data to a third country or international organisation without the Subscriber’s prior written consent and:
(a) the EU Commission has decided that country or organisation ensures adequate protection under Article 45;
(b) appropriate safeguards are in place (as set out in Article 46); or
(c) one or more of the derogation’s in Article 49 applies.
SUBSCRIBE TO GET
The latest right to work check legislation updates