This Privacy Notice explains in detail who we are and the reasons we may collect, store, use and share personal information. You have rights in relation to your personal information. You can contact us and data protection authorities if you have a complaint.
Who we are:
Career Voyage and Resource Harbour are brand names of Career Voyage Ltd, registered in England, Co no 7532843. It collects and uses certain personal information about individuals with whom we come into contact during the course of our work. We act as a responsible controller of that information and seek to abide by the current data protection legislation. The data controller is Sarah Taylor.
The personal information we collect store and use:
- Your name
- Your contact information, including address, cv, personality tests information, email and phone number
This Privacy Notice may be updated from time to time and will be available to view via the Career Voyage website at all times.
If you have any questions regarding this policy, please contact us at firstname.lastname@example.org.
Why we collect personal information
We collect personal information to carry out career planning consultancy and support services for our clients. This information is used to fulfil our role as marketing consultants only.
Explaining the legal basis we rely on
The law on data protection sets out six ways a company may collect and process your personal data. Having analysed our customer database and business model, we have assessed that Legitimate Interest is the primary basis. This is because of your interactions with our company and website; we believe you may be interested in our services.
When do we collect your personal data?
We collect personal data from a number of sources, including
- our website contact form
- referrals from existing clients and individuals
- business contacts with whom we interact, e.g. service suppliers that help us deliver our services
- via personal meetings, networking and referrals
What sort of personal data we collect
The personal data we collect is limited to the level we need to deliver our services and is made up of some or all of the following:
- Email address
- Phone number
- Job Role
- Contact address
- Personality tests
How and why we use your personal data
Your personal data is used to ensure the services we deliver are suitable and appropriate, and any data collected is only used to administer and deliver those services.
- To respond to your queries.
- To propose, quote, design, deliver, invoice and get feedback on our services.
- To comply with our contractual or legal obligations to share data with law enforcement.
How we keep your personal data secure
We have appropriate security measures in place to prevent personal information from being accidentally lost, used or accessed in an unauthorised way. The nature of the internet is such, though, that whilst we take appropriate security measures, we cannot guarantee that any personal information transmitted via the internet will be completely secure.
We also have procedures to deal with suspected data security breaches. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
We will hold your data for a maximum period of 36 months after the date at which we last had contact. Your data will be entirely deleted at the end of that retention period.
Sharing of personal data
We only share personal data with team members and suppliers who provide relevant support services to our business. We do not sell or rent your information to third parties. Team members are required to comply with current data protection legislation. Their use is defined as data processors.
Rights over your personal data
The GDPR provides the following rights for individuals:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
Rights in relation to automated decision-making and profiling
Where any subject access request is made, there is a requirement to prove identity before any information is divulged. This may involve physical presence with accompanying ID. Where a request to “Be forgotten” is made, this can only be complied with if there are no other legal frameworks that overrule GDPR (e.g. HMRC, FCA, etc.).
Use of ‘cookies’
Regulation changes and remedial actions
GDPR went live on 25th May 2018, and the UK Data Privacy Bill has received Royal Assent. This Notice is based on the regulations as they exist with a review process set up to make any adjustments required to become and stay compliant.
Contacting the Regulator
If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.
You can contact them by calling 0303 123 1113.
Or go online to www.ico.org.uk/concerns/ (please note we can’t be responsible for the content of external websites)
If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence.