This document sets out how we collect and process your personal information. It is important that you read this policy, together with any other notice or document that we may provide concerning privacy or data protection, so that you are fully aware of how and why we use your data.
We are The Carling Partnership Limited, a company registered in England and Wales under company number 03931444 and with a registered office at 5 Godalming Business Centre, Woolsack Way, Godalming, Surrey, GU7 1XW. We are a registered data controller under registration number Z1753377.
You can contact us:
• At our business address: The Clock House Studio, Clock House Lane, Bramley, Surrey, GU5 0AP;
• By email to: email@example.com; or
• By telephone to: 01483 893100.
1.0 OUR CORE BELIEFS REGARDING USER PRIVACY AND DATA PROTECTION
• User privacy and data protection are human rights.
• We have a duty of care to the people within our data.
• We will never sell, rent or otherwise distribute or make public your personal information save for in the circumstances permitted by this policy.
• The Carling Partnership is committed to protecting your privacy in all our dealings with you, whether through our website’s on-line services, through direct contact with our consultants or through any other interaction with us.
• When using our website, we want you to have a safe and secure experience.
• We will endeavour to ensure that the information you submit to us remains private, and is only used for the purposes set out in this policy.
2.0 RELEVANT LEGISLATION
The Carling Partnership complies with national and international legislation with regards to data protection and user privacy including (without limitation):
• EU General Data Protection Regulation 2018 (GDPR)
3.0 PERSONAL INFORMATION THAT WE COLLECT AND WHY WE COLLECT IT
When we use the terms “personal information” or “personal data”, we mean any information about an individual from which that person can be identified.
The personal information that we collect, and how we use that information, is identified in this section. The lawful bases for the uses identified in this section are set out in section 4.0 below.
3.1 Technical information
Like most websites, this site uses Google Analytics (GA), a service provided by Google LLC (Google), to track user interaction. We use this data to determine the number of people using our site, to better understand how they find and use our web pages, and to see their journey through the website. In a similar way, we use a Web Chat, a service provided by Zendesk to interact with our site visitors. More details can be found about Zendesk in section 7.0.
GA and Zendesk records the following data:
• Your geographical location;
• The device you are using to access the website;
• The internet browser you are using;
• Your operating system; and
• Your computer’s/device’s IP address.
Only your IP address could be used to personally identify you, but neither Zendesk nor Google grant us access to this information.
Google are a third party data processor (see section 7.0 below for more information). Data collected during your visit may be used to show you personalised ads on the basis of a legitimate interest. You can opt out of personalised ads in your Ads Settings. To remove personalised ads follow this link https://support.google.com/ads/answer/2662922?hl=en-GB
3.2 Contact and employment information (via website contact forms and email links)
Should you choose to contact us using the contact form on our Homepage using firstname.lastname@example.org or via the ‘Click Here’ option on our Opportunities page and via the ‘Apply Now’ option on each vacancy page, we will collect at least the following information:
• Your name;
• Your email address; and
• Your telephone number.
Only if you choose to submit it, we will also collect and store a copy of your CV the particular data points on your CV relating to employment history, relevant experience and qualifications. The website also allows you to submit any other personal information that you may consider relevant. If you do this, this information will be collected and stored alongside the other information identified in this section 3.2.
All personal information submitted via the website is sent to us by email over the Simple Mail Transfer Protocol (SMTP). Our SMTP servers are protected by TLS (sometimes known as SSL) meaning that the email content is encrypted using SHA-2, 256-bit cryptography before being sent across the internet. The email content is then decrypted by our local computers and devices and stored on our secure cloud platform network, accessible only by The Carling Partnership recruitment consultants, working inside the European Economic Area.
Once received, the processing that we will carry out will be any one or more of the following:
• Entering your information onto our secure database. This database, including the information relating to you, can only be accessed by The Carling Partnership consultants.
• Following an assessment of your requirements, for matching your coded details with vacancies, to assist us in finding you a new position.
• Profiling activities to search our secure database to create a shortlist of candidates that may match vacancies that we have, but the final decision about whether or not a candidate on that shortlist is contacted is taken by The Carling Partnership consultants.
• To periodically informed you about suitable vacancies.
• To manage our relationship with you, which includes contacting you about changes to this policy or with other data protection or privacy information.
• To deliver and administer services to you, including this website.
• Only with your prior consent, to share your contact and (if available) employment information with prospective employers (but please see section 7.0 below about transfers of your information).
3.3 Contact information collected at industry events or via professional networking websites
We attend industry events from time to time, and have a LinkedIn® profile to which people can connect. If you make available to us your name, job title and contact details by giving us your business card or by connecting with us on LinkedIn®, that information will be added to our secure database (see section 3.2 above for more detail on our database) and we may use this information to contact you about vacancies that may be of interest to you, or which appear suitable to your background or experience, or to inform you of changes to services that we provide or this policy. Only with your prior consent, we may share your name and contact details with prospective employers (but again, please see section 7.0 below about transfers of your information).
4.0 OUR LEGAL BASIS FOR PROCESSING
The first principle of data protection is that personal data is processed lawfully, fairly and in a transparent manner. For processing to be lawful, it must be processed on one of the six lawful bases set out in the GDPR. Typically in our case, we will process your personal data in the manner to which you have consented or where it is necessary to do so to pursue our legitimate interests (or those of a third party) any your interests and fundamental rights do not override those interests.
Should you register with us and/or contact us, you will be asked to digitally sign our consent form (which refers to this policy), available here from our website, and consent to the processing activities identified in section 3.2 above. All emails that we send to you will contain a link to a consent management tool that you can use to alter your consent preferences, however you can withdraw or alter your consents at any time, whether or not in response to a communication from us.
We have a legitimate interest in maintaining a database of contacts at all levels, and in all sectors, of the drinks industry so that we can introduce appropriate candidates for vacancies to our clients in a quick and efficient manner, thereby improving our commercial offering and increasing revenues. To this end, we will retain the name, contact and employment information that we have collected pursuant to section 3.0 above on our secure database and further may use such information to identify a shortlist of potential candidates for a vacancy and contact you about vacancies that may be of interest to you, even though you may not have expressly consented to such contact (but not if you have expressly objected to such contact). You may opt out of our database at any time by contacting us or using the functionalities contained in any email that we send to you.
We also have a legitimate interest in providing an informative website that is safe and secure to use and in studying how that website is used. In order to achieve this, we may process any technical personal information that we collect (see section 3.1 above for more detail on this type of information).
5.0 ABOUT THE WEBSITE’S SERVER
The website is hosted by Think Incorporated Limited.
All traffic (transferral of files) between the website and your browser is encrypted and delivered over HTTPS. Please see section 3.2 above for more information on the security measures taken in respect of personal information submitted via the website.
6.0 ABOUT OUR SECURE COMPUTER NETWORK
All our computers and systems are encrypted. Our Cloud Platform is hosted by Knowall within a UK data centre located just outside Reading.
Some of the data centre’s more notable security features are as follows:
• 24/7 on-site security with dog patrol
• Full CCTV and infrared monitoring of all data centre areas with 24 hour recording
• All access points have high strength steel automatic roller shutters
• Redcare GSM system security monitoring
• Full access control system with individual PAC cards remotely monitored/ logged
• Smoke and fire detection with monitoring and response systems
Full details of Knowall’s data centre can be found here: http://www.knowall.net/managed-services/cloud-backups
Our database is held on a secure cloud platform hosted by Dillistone.
More specifically, we chose to implement their FileFinder Cloud solution, which means your data is stored securely. Unlike other vendors, they never cache data on local machines/devices. They also became the first specialist vendor to be accredited to the US/EU Privacy Shield and are thought leaders in terms of GDPR and data privacy.
7.0 TRANSFERS AND SHARING OF YOUR INFORMATION
The Carling Partnership is a Private Limited Company managed by its owners and is not part of a larger group of companies, nor is it affiliated in any way with any other company.
The Carling Partnership does not, and will not, disclose your information to third parties without your consent (save for to our processors as set out below). Where such disclosure would be to an organisation located outside of the European Economic Area, we will inform you of this and the protective measures that have been taken to help to ensure the continued security of your information.
We use third party data processors to process personal data on our behalf. These third parties have been carefully chosen and they comply with the legislation set out in section 2.0. They are EU-U.S Privacy Shield compliant (where applicable):
More information about some of these third parties, and the information that they may process, is given above. Further information about their approach to data protection can be obtained from their own privacy policies, available to view from their respective websites.
8.0 DATA BREACHES
We will report any unlawful data breach that we or any of our third party data processors may suffer or incur to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.
9.0 DATA RETENTION
We will only retain your personal information for as long as necessary to fulfil the purposes for which we originally collected it. This would include the purposes of satisfying any legal, accounting or reporting requirements.
Please see Google’s developer guides for information on the duration of the GA cookies that we use.
Employment and contact information that you have given to us, including a copy of your CV and the data points we collect from it, will be kept securely on our database for as long as our legitimate interests in keeping it and using it as set out in this policy are not outweighed by your own rights and interests (for example, if you no longer work in the drinks industry or have informed us that you object to our further processing of your data).
We conduct regular reviews of the information on our database to check that we do not hold information that we no longer need or for which we have no lawful basis to further process. If we do find any such information, it is securely deleted from our database. For the avoidance of doubt, information is not deleted from our database unless you have objected to our continued holding of it or if we establish that we no longer need it, or no longer have a lawful basis to hold it.
10.0 YOUR LEGAL RIGHTS
You have the right at any time to:
• Ask us for a copy of the information supplied by you that we hold.
• Request that your personal data is corrected.
• Request that we erase your personal data.
• Object to any processing of your personal data.
• Request a restriction of the processing of your personal data.
• Withdraw a consent that you have previously given.
• Request a transfer of your personal data.
• Object to any automated decision-making that we may carry out.
If you would like to exercise any of the above rights please contact us at email@example.com. We will comply with your request (provided that it is not unfounded, repetitive or excessive) within 30 days and the information will be supplied to you in an electronic version.
Some of the rights set out above are not automatic, and we may need to discuss with you why the right may not be available. Furthermore, we may need to request further information from you to confirm your identity and the availability of the right that you are looking to exercise.
If you feel that your rights have been breached in any way, you should contact us at firstname.lastname@example.org or lodge an official complaint with the Information Commissioner’s Office.
All information incorporated within this web site is © The Carling Partnership Limited. This website has been created for and on behalf of The Carling Partnership Limited. Unauthorised use of The Carling Partnership trademarks, trade names and logos is prohibited.