Worksmart Limited is committed to respecting your privacy and to complying with applicable data protection and privacy laws.
Please note: (i) if you are an employee or candidate applying for a job at Worksmart Limited, then additional Privacy Notices will be provided to you specifically dealing with these circumstances; (ii) this privacy notice also does not apply to data that we process on behalf of our customers for their benefit eg when we act as a hosting service provider and (iii) our website is not intended for children and we do not knowingly collect data relating to children.
- Important Information and who we are
Who we are and contact details
We are Worksmart Limited, a provider of Regulatory Technology solutions to the Financial Services Industry.
In this policy ‘Worksmart Limited’, ‘we’, ‘us’ or ‘our’ means: Worksmart Limited, (Registered No. 6329038) of Beech House, Breckland, Linford Wood, Milton Keynes MK14 6ES and we are the controller and responsible for your personal data.
If you think your data rights have been breached, you are able to raise a complaint with the UK’s Information Commissioner’s Office (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns first.
Links to other websites
Changes to this policy and updates to personal information
We keep this policy under regular review. This policy was significantly updated in May 2018 following the introduction of the General Data Protection Regulations with further updates in March 2019 and October 2020. Historic versions can be obtained by contacting us.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
- What type of information is collected from you?
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
The personal information we collect, store, transfer and use about you might include:
- your name, title (‘Identity’ data) and contact details, including postal address, email address, telephone number, job title and your employer’s name (‘Contact’ data);
- information about your activities on our website and about the device used to access it, for instance your IP address, login name and geographical location (‘Technical’ data);
- operational information obtained in the course of carrying out our business including, but not limited to CCTV footage, recording of phone calls, logs of visitors (‘Operational’ data); and
- any other personal information you have shared with us.
- How do we collect personal information from you?
We obtain personal information about you in the following ways:
Information you give us directly
For example, we may obtain personal information about you when you enter it via our website, write to us, email us, telephone us, take part in one of our events or use our products and services.
When you visit this website or access our hosted services
We may automatically collect the following information:
- technical information, including the type of device you are using, the IP address, browser and operating system being used to connect your computer to the internet. This information may be used to improve the services we offer; and
- information about your visit to the website, for example we collect information about pages you visit and how you navigate the website, i.e. length of visits to certain pages, products and services you viewed and searched for, referral sources (e.g. how you arrived at our website).
When you visit our office
For example, we may capture CCTV (Closed-circuit Television) footage of you and information about you on our visitor’s log when you visit our office.
Public Information and information from third parties
We may supplement information about you from publicly available sources such as the FCA register, corporate websites, social media, electoral role and Companies House in order to create a fuller profile, so we can tailor and target our communications in a way that is relevant to you. For more information, please see the section on ‘Building Profiles’ below.
Some of the technical information collected when you visit our website or our hosted services is received by us from analytics providers, including Google and Hubspot. Hubspot and its sub-data processors also host the contact information that you may enter via our website or provide to us another way.
- How and why is your information used?
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform the contract we are about to enter into or have entered into with your employer.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal obligation.
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.
Type of data
Lawful basis for processing including basis of legitimate interest
To provide requested information or perform our contracts with your employer or business
(a) Performance of a contract
(b) Necessary for our legitimate interests (to contact our customer)
To manage our relationship with you and your employer which will include:
(b) Asking you to participate in events or asking for your views on our services
(a) Performance of a contract with your employer
(b) Necessary to comply with a legal obligation
(c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)
To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)
(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
(b) Necessary to comply with a legal obligation
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you
Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences
Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
To make suggestions and recommendations to you about goods or services that may be of interest to you or your employer
Necessary for our legitimate interests (to develop our products/services and grow our business)
To detect crime and monitor the safety of our staff and premises
Necessary for our legitimate interests
We may use your Identity and Contact data to provide you with information about our products and services we think may be of interest to you or your employers. You may opt out of our marketing communications at any time by following the opt-out links on any marketing message sent to you or contacting us in which case your details will be transferred to a ‘do not contact’ list. If you have asked to receive details of our services, events, training / seminars, etc you can contact us at any time to have your details removed from lists used by us for any or all of those purposes.
We may analyse your personal information to create a profile of your interests and preferences so that we can tailor and target our communications in a way that is timely and relevant to you. We may make use of additional information about you when it is available from publicly available sources to help us do this effectively. This allows us to be more focused, efficient and cost effective with our resources and also reduces the risk of someone receiving information they may find inappropriate or irrelevant.
Automated Decision Making
Automated decision-making means making decision about you using no human involvement e.g. using computerised filtering equipment. No decision will be made about you solely on the basis of automated decision making.
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
- How long is your personal information kept for?
We only keep your data for as long as we need it or for any retention periods prescribed by law. Depending on the purpose for which we hold your personal data, retention periods may vary.
We will retain data provided to us for marketing purposes until you notify us that you wish us to stop contacting you. We would then transfer your contact details to a ‘do not contact’ list.
- Who has access to your personal information and where is it stored?
Your personal data will be processed by employees and contractors within our company where such processing is relevant to their function and will also be processed by third party suppliers who perform functions on our behalf under contract eg Google and Hubspot (and their respective sub-data processors) and marketing agencies. This may involve your personal data being transferred outside the UK.
We require all third parties to respect the security of your data and treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specific purposes and in accordance with our instructions.
We have put in place appropriate security measures to protect your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
- Your Rights
Under certain circumstances, you have the following rights under data protection laws in relation to the personal data we hold on you:
- the right to be informed about the personal data we hold on you and what we do with it;
- the right of access to the data we hold on you;
- the right for any inaccuracies in the personal data we hold on you to be corrected. This is also known as ‘rectification’;
- the right to have personal data deleted in certain circumstances. This is also known as ‘erasure’;
- the right to restrict the processing of the personal data;
- the right to transfer the personal data we hold on you to another party. This is also known as ‘portability’; and
- the right to object to the processing of your personal data.
In addition to the above rights, you also have the right to withdraw consent to our processing of your data at any time where we are relying on consent to process it. Withdrawing your consent means that we will stop processing any personal data that you had previously given us consent to use. However, in some cases, we may continue to use the data where so permitted by having a legitimate business interest for doing so.
If you wish to exercise any of the rights explained above, please contact the Data Protection Officer at Worksmart Limited using the contact details at the beginning of this policy. We will endeavour to respond to all requests within one month of receipt of your request, however if we are unable to do so we will contact you with reasons for the delay.
Please note that exceptions apply to a number of these rights, and not all rights will be applicable in all circumstances. For more details we recommend you consult the guidance published by the UK’s Information Commissioner’s Office, (https://ico.org.uk/). We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data. This is a security measure to ensure that personal data is not disclosed to the wrong person. We may also contact you to ask for further information to speed up our response.