Data controller: ROC Group, Hope House, Burnhope, Newton Aycliffe DL5 7ER. This notice explains what personal data (also referred to as “information” in this notice) we hold about you, how we collect it, and how we use and may share information about you during the initial stages of your enquiry. Please ensure that you read this notice and any other similar notice we may provide to you. We are committed to being transparent about how we collect and use your data and to meeting our data protection obligations. In this notice, references to “we”, “us”, or “our” are references to the ROC Group.
What information do we collect?
We collect and process a range of information about you when you send an online enquiry form. We collect further information during the meetings and telephone conversations we will have with you following your online enquiry (or the first point of contact if you have called us to enquire rather than using our website). This further information may include:
- Personal details: name, contact information and how you heard about the ROC Group.
- Personal details including name, age or date of birth, gender and contact information, including address.
- Marital status, your spouse or partner, dependents, other family members and your support network, and details of previous significant relationships.
- An employment overview including current and previous employment, voluntary work and relevant experience.
- Any other information that you opt to provide in support of your enquiry
Why do we process your personal data?
The collection and use of your information is for the purposes of our legitimate interests but only if these are not overridden by your interests, rights or freedoms. Processing your data allows us to:
- Maintain good agency practice and comply with legal, regulatory and corporate governance obligations;
- Comply with legislation obligations;
- Protect our networks and personal data against unauthorised access or data leakage;
- Ensure effective recruitment and business administration
- Respond and defend against legal claims;
How we use your sensitive personal data
“Special categories” of particularly sensitive personal information require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information. We have in place appropriate safeguards which we are required by law to maintain when processing such data. We may process special categories of personal information in the following circumstances:
1. In limited circumstances, with your explicit written consent.
2. Where we need to carry out our legal obligations.
Less commonly, we may process this type of information where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public.
Do we need your consent?
We do not need your consent if we use special categories of your personal information in accordance with our written policy to carry out our legal obligations. In limited circumstances, we may approach you for your written consent to allow us to process certain particularly sensitive data. If we do so, we will provide you with full details of the information that we would like and the reason we need it, so that you can carefully consider whether you wish to consent.
You should be aware that it is not a condition of your contract with us that you agree to any request for consent from us.
Who has access to data?
Your information will be accessible internally with ROC Group staff. We will not share your data with any third party unless legally required to do so or with your written consent. We will not transfer your data to countries outside the European Economic Area.
Where your information may be held
Information may be held at our offices and those of our affiliates.
How do we protect your data?
We take the security of your data seriously. We have internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed. We limit access to your personal data to those who have a genuine business need to know or use it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. Physical personal data is stored securely in locked filing cabinets or
drawers. Electronic data stored on our IT systems is password protected, encrypted and information is held on drives with restricted access.
Where we engage third parties to process personal data on our behalf, the third parties do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of your data. We have procedures in place to deal with any suspected data security breach.
We will notify you and any applicable regulator of a suspected breach
where we are legally required to do so.
For how long do we keep your data?
We shall not retain your data for any longer than is necessary for the purpose we obtained it or for longer that we are required to by law.
As a data subject, you have a number of rights. You can:
- access and obtain a copy of your data on request;
- require us to change incorrect or incomplete data;
- require us to delete or stop processing your data, for example
- where the data is no longer necessary for the purposes of
- object to the processing of your data where we are relying on our
- legitimate interests as the legal ground for processing; and
- request the transfer of your data to another party.
In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn
your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law or to comply with fostering regulations.
If you would like to exercise any of these rights, please contact our Data Protection Officer Sally Bishop at ROC Group, Hope House, Burnhope, Newton Aycliffe, Co. Durham DL5 7ER.
If you believe that we have not complied with your data protection rights, we hope that we can resolve any query or concern you have. If not, you can complain to the Information Commissioner. You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.
What if you do not provide personal data?
You have obligations in submitting an enquiry to provide us with data. If you fail to provide certain information when requested, we may not be able to conduct your assessment which would in turn prevent you from working with us.
Certain information (such as contact details, payment details, health information) have to be provided to enable us to enter into a contract with you. If you do not provide requested information, this will hinder our ability to fulfil our obligations.
Decisions are not based solely on automated decision-making.