We Are Refyne's Privacy Policy
Last Updated: 26 September 2024
Introduction
This Privacy Policy applies to all data collections and other data processing of We Are Refyne Limited. For the purposes of this Privacy Policy any references to We Are Refyne (or "us" or "we" or "our") means We Are Refyne Limited.
At We Are Refyne we take your privacy seriously, this Privacy Policy explains how we treat your personal data to maintain your privacy. It describes how we collect, use and process your personal data, explaining what we do with it whether we are in the process of helping you find a job, continuing our relationship with you after finding you a role, providing you with a service, receiving a service from you, using your data to ask for your assistance in relation to one of our Candidates or you are a Website Visitor.
This Privacy Policy applies to the personal data of Candidates, Clients, Contractors, Suppliers, Website Visitors and other people whom we may contact in relation to our Candidates or whom they have indicated as an emergency contact. It also applies to the emergency contacts of our Staff.
We Are Refyne Limited reserves the right to update this Privacy Policy at any time, please review the "Last Updated" details at the top of this page to determine when this Privacy Policy was last updated. Any change to this Privacy Policy will become effective on the "Last Updated" date indicated above. We Are Refyne Limited will make every effort to communicate any significant changes to you via email and/or by posting a notice on We Are Refyne's Site. Your continued use of We Are Refyne Limited's services will be deemed as acceptance of any amended Privacy Policy.
If you are dissatisfied with any aspect of our Privacy Policy, you may have legal rights and, where relevant, we have described these as well.
How We Use Your Personal Data
We Are Refyne Limited collect your personal data in order to facilitate the recruitment process, you are under no obligation to provide your personal data, however, if you do not provide your personal data we may not be able to provide you with certain services. We only ask for details that will genuinely help us to help you, we do not collect more information that we require to fulfil our stated purposes and will not retain it for longer than is necessary.
It is not our policy to seek sensitive personal data unless required for further recruitment purposes, legally required or reasonably necessary for an ongoing relationship with you. Sensitive data includes data concerning race or ethnic origin, physical or mental health, sexual orientation, religious beliefs, political opinion, trade union membership or criminal records and proceedings. We therefore suggest that you do not offer sensitive personal data of this nature unless specifically requested to do so. If you do provide sensitive personal data for any reason, we accept this as your consent to use such data in the ways described in this Privacy Policy.
The personal data we hold is dependent upon your relationship with us, the information below describes the personal data held, how it is collected and used, the systems it is held in, the period we hold it for, who it is shared with and the lawful basis for processing.
The information described below is in addition to any personal data we are required by law to process in any given situation.
Unless otherwise stated We Are Refyne Limited is the Data Controller for the personal data you provide. If you have any queries about how we handle your personal data, please contact us at gdpr@wearerefyne.com.
Candidates
What Personal Data We Hold
Dependent on the circumstances and requirements we may collect some or all of the personal data listed below to enable us to offer you employment opportunities that are tailored to your interests, skill set, experience and expectations.
- Name
- Date of Birth
- Contact Details;
- Address
- Telephone Number (Home)
- Telephone Number (Work)
- Telephone Number (Mobile)
- Email Address (Personal)
- Email Address (Work)
- LinkedIn Profile
- Job Title
- Current Employer;
- Remuneration
- Pension
- Benefits
- Desired Salary/Rate
- Experience
- Qualifications
- Avatar
- Photo Identification;
- Copy of Driving License
- Copy of Passport
- Video
- Telephone Conversation Voice Recordings
Please note the above list of personal data we may collect is not exhaustive.
How We Collect Personal Data
We collect your personal data in three primary ways:
- Personal data provided by you, the Candidate;
- Personal data we receive from other sources; and
- Personal data we collect automatically.
1. Personal Data Provided by You
We Are Refyne Limited needs to know certain information about you to be able to provide a tailored service. This personal information enables us to provide you with the best opportunities and to improve your job search experience with us.
There are a number of ways you can share your personal information with us. These include, but are not limited to:
- Entering your details on the We Are Refyne Limited website as part of the registration process;
- Leaving a hard copy of your CV at a We Are Refyne Limited recruitment event, job fair or office;
- Emailing your CV to a We Are Refyne Limited consultant or being interviewed by them; or
- Applying for jobs through a job aggregator, which then redirects you to the We Are Refyne Limited website
2. Personal Data We Receive from Other Sources
In addition to personal data received directly from you We Are Refyne Limited also receive personal data about Candidates from other sources. These may include personal data received in, but not limited to, the following situations:
- Your referees may share personal information about you with us;
- Our Clients may share personal information about you with us;
- We may obtain personal information about you from searching for potential Candidates from third-party sources, such as LinkedIn and other job sites; and
- If you "like" our page on Facebook or "follow" us on Twitter we will receive your personal information from those sites.
3. Personal Data We Collect Automatically
When accessing our website or if you read or click on an email from us we may collect your data automatically, or through you providing it to us.
More information can be found here.
How We Use Personal Data
We use the personal data we hold about you to provide and personalise the services we offer, enabling them to be more relevant and useful to you. We use it in three primary ways:
- Recruitment activities;
- Marketing activities; and
- To help us establish, exercise or defend legal claims.
1. Recruitment Activities
Our main area of work is recruitment, and as a Candidate, your personal data is processed for the purposes of providing you with work-finding services. This includes, but is not limited to:
- Contacting you about job opportunities;
- Assessing your suitability for those job opportunities;
- Updating our databases;
- Putting you forward for job opportunities (sending your information to Clients); and
- Developing and managing our services and relationship with you.
2. Marketing Activities
We may, from time to time, send you information we think you may find interesting. We may wish to use your personal information for purposes including, but not limited to:
- The development and marketing of other products and services;
- Marketing our full range of recruitment services to you;
- Sending you details of reports, promotions, offers, networking and client events, and general information about the industry sectors which we think may be of interest to you; and
- Displaying promotional excerpts from your details on We Are Refyne Limited's website(s) as a success story (only where we have obtained your express consent to do so).
We need your consent for some aspects of these activities which are not covered by our legitimate interests and, depending on the situation, we'll ask for this via an opt-in.
If you are not happy about our approach to marketing, you have the right to withdraw your consent at any time.
If you have opted out from our marketing communications, either via the unsubscribe link in the footer of marketing emails or through your website profile, it is possible that your personal data may be recaptured from public sources in an unconnected marketing campaign. While we will endeavour to ensure this does not happen there may be instances, from time to time, where it does and would appreciate your understanding in these instances.
Our marketing is based on what we think will serve our Candidates best. We may use your data to show you We Are Refyne Limited adverts and other content on other websites.
3. To Help Us Establish, Exercise or Defend Legal Claims
In some cases, we may be required to use your data for the purpose of investigating, reporting and detecting crime and also to comply with laws that apply to us. We may also use your information during the course of internal audits to demonstrate our compliance with certain industry standards.
How Long We Keep Your Data For (Retention)
We will keep your personal data for a period of three years after our last meaningful contact with you (or our last meaningful contact with the company or entity that supplies your services if they are provided via a third-party company or entity). Different laws may require us to keep your personal data for different periods of time, where a law requires we keep your personal data for a period in excess of three years your personal data will be kept for the period required by law.
"Meaningful contact" means, for example, written or verbal communication between us and you or where you are actively using our online services, including, but not limited to, uploading your updated CV to our website. We also consider communication from you regarding potential roles, either written or verbal, or clicking through from, or replying to, any of our marketing emails as meaningful contact.
Who We Share Your Personal Data With
Where appropriate, and in accordance with local laws and requirements, we may share your personal data with the following categories of people:
- Any of our group companies;
- Individuals and organisations who hold information related to your reference or application to work with us, such as current, past or prospective employers, educators and examining bodies and employment and recruitment agencies;
- Tax, audit, or other authorities, we believe in good faith that the law or other regulation requires us to share this data (for example, because of a request by a tax authority or in connection with any anticipated litigation);
- Third-party service providers who perform functions on our behalf (including external consultants, business associates and professional advisers such as lawyers, auditors and accountants, technical support functions and IT consultants carrying out testing and development work on our business technology systems);
- Third-party outsourced IT and document storage providers where we have an appropriate processing agreement (or similar protections) in place;
- Marketing technology platforms and suppliers;
- Potential employers and other recruitment agencies/organisations to increase your chances of finding employment;
- Third-party partners, job boards and job aggregators where we consider this will improve the chances of finding you the right job;
- Managed Service Provider (MSP) suppliers as part of our clients' MSP programmes;
- Third-parties we have retained to provide services such as reference, qualification and criminal conviction checks, to the extent that these checks are appropriate and in accordance with local laws; and
- If We Are Refyne Limited merges with or is acquired by another business or company in the future (or is in meaningful discussions about such a possibility) we may share your personal data with the (prospective) new owners of the business or company.
Lawful Basis for Processing
Article 6 of the General Data Protection Regulation (GDPR) requires that we process all personal data lawfully, fairly and in a transparent manner.
Article 6(1)(f) states that We Are Refyne Limited can process your data where "processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third-party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child."
In simpler language this is where We Are Refyne Limited has a legitimate reason to process your data provided it is reasonable and does not go against what you would reasonably expect from us.
As a Candidate we believe it is reasonable to expect us to collect and use your personal information to provide recruitment services to you, to share your personal information with prospective employers and compare your skills against our current vacancies where you have either provided us with your information directly, posted your CV information on a job board or on professional networking sites. Once it looks like you may be offered a position with a prospective employer, they may want to check any information you have provided or to confirm your qualifications, experience or references. The providing of this information to prospective employers is required to help you, and other Candidates, get the jobs you deserve and allows us to function as a profit-making recruitment business.
We think it's reasonable to process your personal data to provide a tailored recruitment service, offering you, the Candidate, a more pleasant job search experience and ensuring you receive the most appropriate content for your job search.
In some cases, we may be required to use your data for the purpose of investigating, reporting and detecting crime and also to comply with laws that apply to us. We may also use your information during the course of internal audits to demonstrate our compliance with certain industry standards.
While we don't believe any of the above activities prejudice you in any way – they enable us to provide the service you have engaged us for – you have the right to object to us processing your data on this basis.
Contractors
What Personal Data We Hold
Dependent on the circumstances and requirements we may collect some or all of the personal data listed below to enable us to offer you employment opportunities that are tailored to your interests, skill set, experience and expectations.
- Name
- Date of Birth
- Bank Details
- Contact Details;
- Address
- Telephone Number (Home)
- Telephone Number (Work)
- Telephone Number (Mobile)
- Email Address (Personal)
- Email Address (Work)
- LinkedIn Profile
- Job Title
- Current Employer;
- Remuneration
- Pension
- Benefits
- Desired Salary/Rate
- Experience
- Qualifications
- Avatar
- Photo Identification;
- Copy of Driving License
- Copy of Passport
- Video
- Telephone Conversation Voice Recordings
Please note the above list of personal data we may collect is not exhaustive.
How We Collect Personal Data
We collect your personal data in three primary ways:
- Personal data provided by you, the Contractor;
- Personal data we receive from other sources; and
- Personal data we collect automatically.
1. Personal Data Provided by You
We Are Refyne Limited needs to know certain information about you to be able to provide a tailored service. This personal information enables us to provide you with the best opportunities and to improve your job search experience with us.
There are a number of ways you can share your personal information with us. These include, but are not limited to:
- Entering your details on the We Are Refyne Limited website as part of the registration process;
- Leaving a hard copy of your CV at a We Are Refyne Limited recruitment event, job fair or office;
- Emailing your CV to a We Are Refyne Limited consultant or being interviewed by them; or
- Applying for jobs through a job aggregator, which then redirects you to the We Are Refyne Limited website
2. Personal Data We Receive from Other Sources
In addition to personal data received directly from you We Are Refyne Limited also receive personal data about Contractors from other sources. These may include personal data received in, but not limited to, the following situations:
- Your referees may share personal information about you with us;
- Our Clients may share personal information about you with us;
- We may obtain personal information about you from searching for potential Contractors from third-party sources, such as LinkedIn and other job sites; and
- If you "like" our page on Facebook or "follow" us on Twitter we will receive your personal information from those sites.
3. Personal Data We Collect Automatically
When accessing our website or if you read or click on an email from us we may collect your data automatically, or through you providing it to us.
More information can be found here.
How We Use Personal Data
We use the personal data we hold about you to provide and personalise the services we offer, enabling them to be more relevant and useful to you. We use it in three primary ways:
- Recruitment activities;
- Marketing activities; and
- To help us establish, exercise or defend legal claims.
1. Recruitment Activities
Our main area of work is recruitment, and as a Contractor, your personal data is processed for the purposes of providing you with work-finding services. This includes, but is not limited to:
- Contacting you about job opportunities;
- Assessing your suitability for those job opportunities;
- Updating our databases;
- Putting you forward for job opportunities (sending your information to Clients); and
- Developing and managing our services and relationship with you.
2. Marketing Activities
We may, from time to time, send you information we think you may find interesting. We may wish to use your personal information for purposes including, but not limited to:
- The development and marketing of other products and services;
- Marketing our full range of recruitment services to you;
- Sending you details of reports, promotions, offers, networking and client events, and general information about the industry sectors which we think may be of interest to you; and
- Displaying promotional excerpts from your details on We Are Refyne Limited's website(s) as a success story (only where we have obtained your express consent to do so).
We need your consent for some aspects of these activities which are not covered by our legitimate interests and, depending on the situation, we'll ask for this via an opt-in.
If you have opted out from our marketing communications, either via the unsubscribe link in the footer of marketing emails or through your website profile, it is possible that your personal data may be recaptured from public sources in an unconnected marketing campaign. While we will endeavour to ensure this does not happen there may be instances, from time to time, where it does and would appreciate your understanding in these instances.
Our marketing is based on what we think will serve our Contractors best. We may use your data to show you We Are Refyne Limited adverts and other content on other websites.
3. To Help Us Establish, Exercise or Defend Legal Claims
In some cases, we may be required to use your data for the purpose of investigating, reporting and detecting crime and also to comply with laws that apply to us. We may also use your information during the course of internal audits to demonstrate our compliance with certain industry standards.
How Long We Keep Your Data For (Retention)
We will keep your personal data for a period of seven years after our last meaningful contact with you (or our last meaningful contact with the company or entity that supplies your services if they are provided via a third-party company or entity). Different laws may require us to keep your personal data for different periods of time, where a law requires we keep your personal data for a period in excess of seven years your personal data will be kept for the period required by law.
"Meaningful contact" means, for example, written or verbal communication between us and you or where you are actively using our online services, including, but not limited to, uploading your updated CV to our website. We also consider communication from you regarding potential roles, either written or verbal, or clicking through from, or replying to, any of our marketing emails as meaningful contact.
Who We Share Your Personal Data With
Where appropriate, and in accordance with local laws and requirements, we may share your personal data with the following categories of people:
- Any of our group companies;
- Individuals and organisations who hold information related to your reference or application to work with us, such as current, past or prospective employers, educators and examining bodies and employment and recruitment agencies;
- Tax, audit, or other authorities, we believe in good faith that the law or other regulation requires us to share this data (for example, because of a request by a tax authority or in connection with any anticipated litigation);
- Third-party service providers who perform functions on our behalf (including external consultants, business associates and professional advisers such as lawyers, auditors and accountants, technical support functions and IT consultants carrying out testing and development work on our business technology systems);
- Third-party outsourced IT and document storage providers where we have an appropriate processing agreement (or similar protections) in place;
- Marketing technology platforms and suppliers;
- Potential employers and other recruitment agencies/organisations to increase your chances of finding employment;
- Third-party partners, job boards and job aggregators where we consider this will improve the chances of finding you the right job;
- Managed Service Provider (MSP) suppliers as part of our clients' MSP programmes;
- Third-parties we have retained to provide services such as reference, qualification and criminal conviction checks, to the extent that these checks are appropriate and in accordance with local laws; and
- If We Are Refyne Limited merges with or is acquired by another business or company in the future (or is in meaningful discussions about such a possibility) we may share your personal data with the (prospective) new owners of the business or company.
Lawful Basis for Processing
Article 6 of the General Data Protection Regulation (GDPR) requires that we process all personal data lawfully, fairly and in a transparent manner.
Article 6(1)(f) states that We Are Refyne Limited can process your data where "processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third-party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child."
In simpler language this is where We Are Refyne Limited has a legitimate reason to process your data provided it is reasonable and does not go against what you would reasonably expect from us.
Article 6(1) (b) states that We Are Refyne Limited can process your data where "processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract".
In simpler language this is where We Are Refyne Limited have placed you in a role as a contractor and have a contract in place with you to fulfil that role.
As a Contractor we believe it is reasonable to expect us to collect and use your personal information to provide recruitment services to you, to share your personal information with prospective employers and compare your skills against our current vacancies where you have either provided us with your information directly, posted your CV information on a job board or on professional networking sites. Once it looks like you may be offered a position with a prospective employer, they may want to check any information you have provided or to confirm your qualifications, experience or references. The providing of this information to prospective employers is required to help you, and other Contractors, get the jobs you deserve and allows us to function as a profit-making recruitment business.
We think it's reasonable to process your personal data to provide a tailored recruitment service, offering you, the Contractor, a more pleasant job search experience and ensuring you receive the most appropriate content for your job search.
In some cases, we may be required to use your data for the purpose of investigating, reporting and detecting crime and also to comply with laws that apply to us. We may also use your information during the course of internal audits to demonstrate our compliance with certain industry standards.
While we don't believe any of the above activities prejudice you in any way – they enable us to provide the service you have engaged us for – you have the right to object to us processing your data on this basis.
Clients
What Personal Data We Hold
The data we collect about Clients is actually very limited. Dependent on the circumstances and requirements we may collect some or all of the personal data listed below to enable us to fulfil our obligations to you as a client.
- Name
- Contact Details;
- Address
- Telephone Number (Home)
- Telephone Number (Work)
- Telephone Number (Mobile)
- Email Address (Personal)
- Email Address (Work)
- LinkedIn Profile
- Job Title
- Current Employer
- Telephone Conversation Voice Recordings
- Video
Please note the above list of personal data we may collect is not exhaustive.
How We Collect Personal Data
We collection your personal data in three primary ways:
- Personal data provided by you, the Client;
- Personal data we receive from other sources; and
- Personal data we collect automatically.
1. Personal Data Provided by You
We Are Refyne Limited needs to know certain information about you and your business to ensure that you have the best staff for your business.
There are a number of ways you can share your personal information with us. These include, but are not limited to:
- Where you contact us proactively, usually by phone or email; and/or
- Where we contact you, usually by phone or email, or through our consultants' business development activities.
2. Personal Data We Receive From Other Sources
In addition to personal data received directly from you We Are Refyne Limited also receive personal data about Clients from other sources. These may include personal information received in, but not limited to, the following situations:
- Due diligence checks;
- Marketing intelligence;
- Delegate lists at relevant events; and
- Other third parties, for example Candidates that provide your details to act as a referee for them.
3. Personal Data We Collect Automatically
When accessing our website or if you read or click on an email from us we may collect your data automatically, or through you providing it to us.
More information can be found here.
How We Use Personal Data
We use the personal data we hold about you to provide and personalise the services we offer, enabling them to be more relevant and useful to you. We use it in three primary ways:
- Recruitment activities;
- Marketing activities; and
- To help us establish, exercise or defend legal claims.
1. Recruitment Activities
Our main area of work is recruitment, and as a Client, your personal data is processed for the purposes of providing you with employee-finding services. This includes, but is not limited to:
- Providing you with Candidates, Recruitment Process Outsourcing (RPO) services and MSP programmes;
- To contact you in relation to recruitment activities;
- Keeping records of our conversations and meetings, to provide targeted services to you; and
- Processing your data for the purpose of targeting appropriate marketing campaigns.
2. Marketing Activities
We may, from time to time, send you information we think you may find interesting. We may wish to use your personal information for purposes including, but not limited to:
- The development and marketing of other products and services;
- Marketing our full range of recruitment services to you;
- Sending you details of reports, promotions, offers, networking and client events, and general information about the industry sectors which we think may be of interest to you; and
- Displaying promotional excerpts from your details on We Are Refyne Limited's website(s) as a success story (only where we have obtained your express consent to do so).
We need your consent for some aspects of these activities which are not covered by our legitimate interests and, depending on the situation, we'll ask for this via an opt-in.
If you have opted out from our marketing communications, either via the unsubscribe link in the footer of marketing emails or through your website profile, it is possible that your personal data may be recaptured from public sources in an unconnected marketing campaign. While we will endeavour to ensure this does not happen there may be instances, from time to time, where it does and would appreciate your understanding in these instances.
Our marketing is based on what we think will serve our Clients best. We may use your data to show you We Are Refyne Limited adverts and other content on other websites.
3. To Help Us Establish, Exercise or Defend Legal Claims
In some cases, we may be required to use your data for the purpose of investigating, reporting and detecting crime and also to comply with laws that apply to us. We may also use your information during the course of internal audits to demonstrate our compliance with certain industry standards.
How Long We Keep Your Data For (Retention)
We will keep your personal data for a period of three years after our last meaningful contact with you. Different laws may require us to keep your personal data for different periods of time, where a law requires we keep your personal data for a period in excess of three years your personal data will be kept for the period required by law.
"Meaningful contact" means, for example, written or verbal communication between us and you or where you are actively using our online services. We also consider communication from you regarding potential roles, either written or verbal, or clicking through from, or replying to, any of our marketing emails as meaningful contact.
Who We Share Your Personal Data With
Where appropriate, and in accordance with local laws and requirements, we may share your personal data with the following categories of people:
- Any of our group companies;
- Tax, audit, or other authorities, we believe in good faith that the law or other regulation requires us to share this data (for example, because of a request by a tax authority or in connection with any anticipated litigation);
- Third-party service providers who perform functions on our behalf (including external consultants, business associates and professional advisers such as lawyers, auditors and accountants, technical support functions and IT consultants carrying out testing and development work on our business technology systems);
- Third-party outsourced IT and document storage providers where we have an appropriate processing agreement (or similar protections) in place;
- Marketing technology platforms and suppliers; and
- If We Are Refyne Limited merges with or is acquired by another business or company in the future (or is in meaningful discussions about such a possibility) we may share your personal data with the (prospective) new owners of the business or company.
Lawful Basis for Processing
Article 6 of the General Data Protection Regulation (GDPR) requires that we process all personal data lawfully, fairly and in a transparent manner.
Article 6(1)(f) states that We Are Refyne Limited can process your data where "processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third-party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child."
In simpler language this is where We Are Refyne Limited has a legitimate reason to process your data provided it is reasonable and does not go against what you would reasonably expect from us.
As a Client we believe it is reasonable to expect us to collect and use your personal information to provide the best recruitment services to you.
In some cases, we may be required to use your data for the purpose of investigating, reporting and detecting crime and also to comply with laws that apply to us. We may also use your information during the course of internal audits to demonstrate our compliance with certain industry standards.
While we don't believe any of the above activities prejudice you in any way – they enable us to provide the service you have engaged us for – you have the right to object to us processing your data on this basis.
Supplier
What Personal Data We Hold
We need a small amount of information from our Suppliers to ensure our business relationship runs smoothly. We may collect some or all of the personal data listed below.
- Name
- Contact Details
- Telephone Number (Work)
- Telephone Number (Mobile)
- Email Address (Work)
Please note the above list of personal data we may collect is not exhaustive.
How We Collect Personal Data
We collect personal data when entering into an agreement with you and during the course of our work with you.
How We Use Personal Data
We use the personal data we hold about you in 4 primary ways:
- To contact you in relation to our agreements;
- To offer services to you or to obtain support and services from you;
- To perform certain legal obligations; and
- To help us to establish, exercise or defend legal claims.
How Long We Keep Your Data For (Retention)
We will keep your personal data for a period of three years after our last meaningful contact with you (or our last meaningful contact with the company or entity that supplies your services if they are provided via a third-part company or entity). Difference laws may require us to keep your personal data for different periods of time, where a law requires we keep your personal data for a period in excess of three years your personal data will be kept for the period required by law.
"Meaningful contact" means, for example, written or verbal communication between us and you or where you are actively using our online services. We also consider clicking through from, or replying to, any of our marketing emails as meaningful contact.
Who We Share Your Personal Data With
We may share this information with any of our group companies and associated third parties such as our service providers and organisations to whom we provide services.
Lawful Basis For Processing
Article 6 of the General Data Protection Regulation (GDPR) requires that we process all personal data lawfully, fairly and in a transparent manner.
Article 6(1)(f) states that We Are Refyne Limited can process your data where "processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third-party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child."
In simpler language this is where We Are Refyne Limited has a legitimate reason to process your data provided it is reasonable and does not go against what you would reasonably expect from us.
As a Supplier we believe it is reasonable to expect us to collect and use your personal information for the purposes outlined above.
In some cases, we may be required to use your data for the purpose of investigating, reporting and detecting crime and also to comply with laws that apply to us. We may also use your information during the course of internal audits to demonstrate our compliance with certain industry standards.
While we don't believe any of the above activities prejudice you in any way – they enable us to provide the service you have engaged us for – you have the right to object to us processing your data on this basis.
Website Visitor
What Personal Data We Hold
Dependent on the circumstances and requirements we may collect some or all of the personal data listed below to enable us to fulfil our obligations to you as a website visitor.
- Technical Information;
- IP Addresses;
- Information about what types of device you use to connect to our website; and
- How you interact with our website.
Please note the above list of personal data we may collect is not exhaustive.
How We Collect Personal Data
We collect your personal data when you browse our website. We also collect personal information when you contact us via the website, for example by completing the contact us form.
We collect the data automatically via cookies, in line with cookie settings in your browser. If you would like to find out more about cookies, including how we use them and what choices are available to you, please click here.
How We Use Personal Data
We use the personal data we hold about you to monitor and improve the website experience for website visitors.
How Long We Keep Your Data For (Retention)
We will keep your personal data for a period of three years after you visit our website. Different laws may require us to keep your personal data for different periods of time, where a law requires we keep your personal data for a period in excess of three years your personal data will be kept for the period required by law.
Who We Share Your Personal Data With
Where appropriate, and in accordance with local laws and requirements, we may share your personal data with the following categories of people:
- Any of our group companies;
- Tax, audit, or other authorities, we believe in good faith that the law or other regulation requires us to share this data (for example, because of a request by a tax authority or in connection with any anticipated litigation);
- Third-party service providers who perform functions on our behalf (including external consultants, business associates and professional advisers such as lawyers, auditors and accountants, technical support functions and IT consultants carrying out testing and development work on our business technology systems);
- Third-party outsourced IT and document storage providers where we have an appropriate processing agreement (or similar protections) in place;
- Marketing technology platforms and suppliers;
- If We Are Refyne Limited merges with or is acquired by another business or company in the future (or is in meaningful discussions about such a possibility) we may share your personal data with the (prospective) new owners of the business or company.
Lawful Basis for Processing
Article 6 of the General Data Protection Regulation (GDPR) requires that we process all personal data lawfully, fairly and in a transparent manner.
Article 6(1)(f) states that We Are Refyne Limited can process your data where "processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third-party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child."
In simpler language this is where We Are Refyne Limited has a legitimate reason to process your data provided it is reasonable and does not go against what you would reasonably expect from us.
As a Website Visitor we believe it is reasonable to expect us to collect and use your personal information to provide a positive browsing experience.
In some cases, we may be required to use your data for the purpose of investigating, reporting and detecting crime and also to comply with laws that apply to us. We may also use your information during the course of internal audits to demonstrate our compliance with certain industry standards.
While we don't believe any of the above activities prejudice you in any way – they enable us to provide the service you have engaged us for – you have the right to object to us processing your data on this basis.
Your Rights
The General Data Protection Regulation (GDPR) provides the following rights for individuals:
- The right to be informed;
- The right of access;
- The right to rectification;
- The right to erasure (to be forgotten);
- The right to restrict processing;
- The right to data portability;
- The right to object;
- Rights in relation to automated decision making and profiling; and
- The right to withdraw consent.
1. The Right to Be Informed
Individuals have the right to be informed about the collection and use of their personal data in a concise, transparent, intelligible and easily accessible way that uses clear and plain language. This Privacy Policy serves to provide this information.
Where personal data is obtained from third-party sources we will endeavour to inform the individual of this privacy information in a timely manner and no later than one month after receiving the data.
2. The Right of Access
Under the GDPR, individuals have the right to obtain:
- Confirmation that their data is being processed;
- Access to their personal data; and
- Other supplementary information.
This right of access has been provided to allow individuals to access their personal information, so they are aware of and can verify the lawfulness of the processing.
To find out if we hold any of your personal information, and what data we hold, a Subject Access Request (SAR) can be submitted.
If we do hold your personal information we will:
- Provide a description of it;
- Explain why we are holding it;
- Explain who it could be disclosed to; and
- Let you have a copy of the information in an intelligible form.
Where we are legally permitted to do so, we may refuse your request. If we refuse your request, we will always tell you the reasons for doing so.
3. The Right to Rectification
Individuals have the right to request that any inaccurate personal data is rectified or completed if it is incomplete. Personal data is considered to be inaccurate if "it is incorrect or misleading as to a matter of fact". This request can be made either verbally or in writing.
When a request for rectification is received we will take reasonable steps to confirm the identity of the individual making the request and to satisfy ourselves that the data provided is accurate and that rectification of the data is required. When considering the accuracy of the data you have the right to restrict the processing of your personal data until its accuracy has been established. Details of this right can be found here.
When we are satisfied of the accuracy of the new data we will update it within our systems. If we have shared the inaccurate personal data with third-parties, we will notify them of the rectification unless this is impossible or involves disproportionate effort.
We will inform you of the outcome of your request within one month of receipt of your request. Where a request is complex, or a number of requests have been received from you, the time to respond may be extended by a further two months. If we extend the time period we have to respond to your request, we will inform you of this within one month of receipt of the request and explain the reasons for the extension.
We retain the right to refuse to comply with a request for rectification if the request is "manifestly unfounded or excessive". Alternatively, we may request a "reasonable fee" to deal with requests considered to be "manifestly unfounded or excessive".
Where we refuse to comply with the request we will, without undue delay and within one month of receipt of the request, inform the individual of:
- The reasons why action is not being taken;
- Their right to make a complaint to the ICO or another supervisory authority; and
- Their right to seek to enforce this right through a judicial remedy.
This information will also be provided if we request a "reasonable fee" to comply with the request.
4. The Right to Erasure (To Be Forgotten)
Individuals have the right to request that their personal data is erased from our systems, this right is not absolute and only applies in certain circumstances. Normally, the information must meet one of the following criteria:
- The personal data is no longer necessary for the purpose for which we originally collected and/or processed it;
- Where previously given, you have withdrawn your consent to us processing your data, and there is no other valid reason for us to continue processing;
- The data has been processed unlawfully (i.e. in a manner which does not comply with the GDPR);
- It is necessary for the data to be erased in order for us to comply with our legal obligations as a data controller; or
- If we process the data because we believe it necessary to do so for our legitimate interests, you object to the processing and we are unable to demonstrate overriding legitimate grounds for our continued processing.
The right to erasure does not apply if processing is necessary for one of the following reasons:
- To exercise the right of freedom of expression and information;
- To comply with a legal obligation;
- For the performance of a task carried out in the public interest or in the exercise of official authority;
- For archiving purposes in the public interest, scientific research historical research or statistical purposes where erasure is likely to render impossible or seriously impair the achievement of that processing; or
- For the establishment, exercise or defence of legal claims.
When a request for erasure is received we will take reasonable steps to confirm the identity of the individual making the request. Once proof of identity has been obtained we will take all reasonably practicable steps to delete the relevant data and inform other organisations of the erasure if the personal data has been disclosed to others.
We will inform you of the outcome of your request within one month of receipt of your request. Where a request is complex, or a number of requests have been received from you, the time to respond may be extended by a further two months. If we extend the time period we have to respond to your request, we will inform you of this within one month of receipt of the request and explain the reasons for the extension.
We retain the right to refuse to comply with a request for erasure if the request is "manifestly unfounded or excessive". Alternatively, we may request a "reasonable fee" to deal with requests considered to be "manifestly unfounded or excessive".
Where we refuse to comply with the request we will, without undue delay and within one month of receipt of the request, inform the individual of:
- The reasons why action is not being taken;
- Their right to make a complaint to the ICO or another supervisory authority; and
- Their right to seek to enforce this right through a judicial remedy.
This information will also be provided if we request a "reasonable fee" to comply with the request.
5. The Right to Restrict Processing
Individuals have the right to request that we restrict our processing of their personal information, this right is not absolute and only applies in certain circumstances. This means that we can continue to store your personal information but the ways in which we can use your information is limited. This is an alternative to requesting the erasure of your data.
You are entitled to request that we restrict the processing of your personal information where:
- You contest the accuracy of your personal information and we are verifying the accuracy of the data;
- The data has been processed unlawfully (i.e. in a manner which does not comply with the GDPR);
- Where we no longer need your personal information, but you need the data to establish, exercise or defend a legal claim; or
- You have objected to the processing of your personal information and we are considering whether our legitimate grounds override yours.
If we have shared your personal information with third-parties, we will notify them of the request to restrict processing unless this is "impossible or involves disproportionate effort".
We will notify you before lifting any restriction on processing your personal information.
We will inform you of the outcome of your request within one month of receipt of your request. Where a request is complex, or a number of requests have been received from you, the time to respond may be extended by a further two months. If we extend the time period we have to respond to your request, we will inform you of this within one month of receipt of the request and explain the reasons for the extension.
We retain the right to refuse to comply with a request to restrict processing if the request is "manifestly unfounded or excessive". Alternatively, we may request a "reasonable fee" to deal with requests considered to be "manifestly unfounded or excessive".
Where we refuse to comply with the request we will, without undue delay and within one month of receipt of the request, inform the individual of:
- The reasons why action is not being taken;
- Their right to make a complaint to the ICO or another supervisory authority; and
- Their right to seek to enforce this right through a judicial remedy.
This information will also be provided if we request a "reasonable fee" to comply with the request.
6. The Right to Data Portability
Individuals have the right to obtain and reuse the personal information for their own purposes across different services. In effect, this means you are able to transfer your personal information held by We Are Refyne Limited between Data Controllers. To enable this transfer, we will provide you with your information in a structured, commonly used and machine readable format that is password-protected so that you can transfer the data to another Data Controller. The personal information provided will be restricted to the personal information you have provided to us.
The right to data portability applies when:
- Our lawful basis for processing your personal information is consent or for the performance of a contract; and
- We are carrying out the processing by automated means (i.e. without any human intervention).
We will inform you of the outcome of your request within one month of receipt of your request. Where a request is complex, or a number of requests have been received from you, the time to respond may be extended by a further two months. If we extend the time period we have to respond to your request, we will inform you of this within one month of receipt of the request and explain the reasons for the extension.
We retain the right to refuse to comply with a request to restrict processing if the request is "manifestly unfounded or excessive". Alternatively, we may request a "reasonable fee" to deal with requests considered to be "manifestly unfounded or excessive".
Where we refuse to comply with the request we will, without undue delay and within one month of receipt of the request, inform the individual of:
- The reasons why action is not being taken;
- Their right to make a complaint to the ICO or another supervisory authority; and
- Their right to seek to enforce this right through a judicial remedy.
This information will also be provided if we request a "reasonable fee" to comply with the request.
7. The Right to Object
Individuals have the right to object to:
- Processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
- Direct marketing (including profiling); and
- Processing for purposes of scientific/historical research and statistics.
To be able to exercise this right you must have "grounds relating to his or her particular situation".
If your objection relates to us processing your personal information because we deem it necessary for our legitimate interests, we must act on your objection by ceasing the activity in question unless:
- We can show that we have compelling legitimate grounds for processing which overrides your interests; or
- We are processing your data for the establishment, exercise or defence of a legal claim.
If your objection relates to direct marketing, we must act on your objection by ceasing this activity.
8. Rights in Relation to Automated Decision Making and Profiling
Individuals have additional rights with the fully automated decision making process, including profiling with legal or similarly significant effects restricted. This restriction only applies to fully automated individual decision making where there is no human involvement.
This restriction is lifted if one of the following three conditions apply:
- It is necessary for the entry into or performance of a contract;
- It is authorised by Union or Member state law applicable to the controller; or
- Based on the individual's explicit consent.
9. The Right to Withdraw Consent
Individuals have the right to withdraw previously given consent at any time, for example where consent has been given for direct marketing.
When consent is withdrawn we will cease to carry out the activity for which consent has been withdrawn unless we consider that there is an alternative reason to justify our continued processing of your data for this purpose. Where we consider this to be the case we will inform you of this condition and the alternative reasons.
Details of how to get in touch about these rights can be found here. We endeavour to deal with any requests without undue delay, and in any event within one month (subject to any extensions to which we are lawfully entitled). We may keep a record of your communications to help us resolve any issues which you raise.
Where our lawful basis for processing your personal data is consent, you have the right to withdraw your consent at any time by contacting us.
If you withdraw consent, where consent is the legal basis for processing, we will cease to process your personal data for the activity which consent has been withdrawn unless we still need to process your data for legal or official reasons. If this is the case, we will inform you and will restrict the data to only what is necessary for the purpose of meeting those specific reasons.
If you believe that any of your data that we process is incorrect or incomplete, please contact us using the details above and we will take reasonable steps to check its accuracy and correct it where necessary.
Subject Access Requests
Individuals can raise a Subject Access Request (SAR) to exercise one or more of their rights, listed in the Your Rights section of this Privacy Policy. As part of any request you will be required to provide proof of your identity before the request is processed. Your request will be processed within one month of receipt of both your request and proof of identity, except in circumstances where requests are complex or numerous.
If a request is considered complex or numerous we may extend the period of compliance by a further two months, notification of this will be provided within one month of receipt of the request along with details of why the extension is necessary.
Subject Access Requests will be processed free of charge except where the request is deemed "manifestly unfounded or excessive". Where this is the case a "reasonable fee" may be charged. A "reasonable fee" may also be charged to comply with requests for additional copies of the same information, this fee will cover the administrative costs involved in providing the information.
Where we consider a request to be "manifestly unfounded or excessive" we may refuse to respond to the request. If we refuse to respond we will provide details of why this decision has been made along with details of your right to complain to the supervisory authority (the ICO) and to a judicial remedy.
To submit a Subject Access Request please contact us, by email, telephone or in writing, using the contact details listed in the How to Contact Us section below.
Safeguarding Your Data
We are committed to taking all reasonable steps by means of "appropriate technical and organisational measures" to safeguard the personal information we hold from misuse, loss or unauthorised access. These include measures to deal with any suspected data breach.
We secure the personal information you provide on computer servers in a controlled, secure environment, protected from unauthorised access, use or disclosure. When personal information is collected on our website and/or transmitted to other websites, it is protected through the use of encryption, such as the Secure Socket Layer (SSL) protocol.
If you suspect any misuse, loss or unauthorised access to your personal information please let us know immediately. Details of how to contact us can be found here.
ICO Registration
We Are Refyne Limited is registered with the ICO (Information Commissioner's Office), details of our registration are available at https://ico.org.uk/ESDWebPages/Entry/Z9043389.
Cookies Policy
Cookies are small text files that are placed on your computer, smartphone or tablet by websites that you visit. They are widely used to make websites work, or work more efficiently, as well as to provide information to the owners of the site. Cookies are used by nearly all websites and do not harm your system.
You can read more about how we use cookies on our Cookies Policy page.
Third-Parties
We Are Refyne Limited may use third-parties to perform services in connection with our operations, to improve our website and our services, products and features, and to protect our users. These third-parties may include (but are not limited to) service providers and vendors.
Any sharing of personal information with a third-party will be done under contract with the third-party obliged to keep the data secure. The third-party will only use the information to fulfil the service(s) they provide and will delete all personal information when it is no longer needed to fulfil that service.
A list of the third-parties with whom personal data may be shared can be found here.
Links to Other Websites
Our website contains links to other websites. Please be aware that we are not responsible for the privacy practices of those other websites. When you leave our website, we encourage you to read the privacy policies of each and every website.
How to Contact Us
You can contact us by email, telephone or in writing:
Email: gdpr@wearerefyne.com
Telephone: 0161 710 4930
Address:
GDPR Manager
We Are Refyne Limited
7 Jordan Street
Castlefield
Manchester
Greater Manchester
M15 4PY
Glossary of Terms
Candidate – This category includes applicants for all roles advertised or promoted by We Are Refyne Limited including permanent, temporary and interim positions with We Are Refyne Limited's Clients; as well as people who have supplied a speculative CV to We Are Refyne Limited not in relation to a specific job. Employees of suppliers or other third-parties put forward for roles with We Are Refyne Limited will be treated as candidates for the purposes of this Privacy Policy.
Client – This category includes our customers, clients and others to whom We Are Refyne Limited provides services in the course of its business.
Contractor – This category includes Candidates who have been placed into a position by We Are Refyne Limited.
Data Controller – A data controller determines the purposes and means of processing personal data.
Data Processor – A data processor is responsible for processing personal data on behalf of a controller.
General Data Protection Regulation (GDPR) – A European Union statutory instrument which aims to harmonise European data protection laws. It has an effective date of 25 May 2018, and any references to it should be construed accordingly to include any national legislation implementing it.
Managed Service Provider (MSP) – Clients' outsourcing of the management of external staff (including freelance workers, independent contractors and temporary employees) to an external recruitment provider.
Other People Whom We Are Refyne Limited May Contact – This category may include Candidates' and We Are Refyne Limited's Staff emergency contacts and referees. We will only contact them in appropriate circumstances.
Personal Data/Personal Information – The GDPR applies to 'personal data' meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.
This definition provides for a wide range of personal identifiers to constitute personal data, including name, identification number, location data or online identifier, reflecting changes in technology and the way organisations collect information about people.
Personal data that has been pseudonymised – e.g. key-coded – can fall within the scope of the GDPR depending on how difficult it is to attribute the pseudonym to a particular individual.
Recruitment Process Outsourcing (RPO) Services – Full or partial outsourcing of the recruitment process for permanent employees to a recruitment provider.
Sensitive Personal Data/Sensitive Personal Information – The GDPR refers to sensitive personal data as "special categories of personal data" (see Article 9).
The special categories specifically include genetic data, and biometric data where processed to uniquely identify an individual.
Personal data relating to criminal convictions and offences are not included, but similar extra safeguards apply to its processing (see Article 10).
Staff – This category includes employees and interns engaged (or who have accepted an offer to be engaged) directly in the business of We Are Refyne Limited as well as certain other workers engaged in the business of providing services to We Are Refyne Limited (even though they are not classed as employees). Independent contractors and consultants performing services for We Are Refyne Limited fall within the definition of a "Supplier" for the purposes of this Privacy Policy.
Supplier – This category refers to partnerships and companies (including sole traders), and atypical workers such as independent contractors and freelance workers, who provide services to We Are Refyne Limited. In certain circumstances We Are Refyne Limited will sub-contract the services it provides to Clients to third-party suppliers who perform services on behalf of We Are Refyne Limited. In this context, suppliers that are individual contractors, freelance workers, or employees of suppliers will be treated as Candidates for data protection purposes.
Please note that in the context, We Are Refyne Limited require Suppliers to communicate the relevant parts of this Privacy Policy (namely the sections directed to Candidates) to their employees.
Website Visitor – This category includes any individual who accesses any of the We Are Refyne Limited websites.