WorkingFree is a specialist career advisory business supporting organisations and their senior Director-level executives coming off the permanent payroll into an independent working lifestyle. Please our website – www.WorkingFree.co.uk.
GDPR compliance is built into our Contact Database Procedures which are set out on the website. Details of individuals that we hold are either those with whom we are LinkedIn as a first contact, those who we have met, or spoken with, or have been approached by. There are some others we include through legitimate interest being senior decision-making Business Directors who share our own Thought Leadership views about senior people in the workplace.
Our contacts with names on our files are by email, telephone or letter and are about our Events.
Our website – www.DevonshireHouseNetwork.co.uk – reflects the senior level at which we work and our areas of business and human interest.
Hitherto, personal data that we have held on our files have related to our Contacts as described above. If there are any instances where we may not be perceived as having your permission to hold this information, we have always managed it in accordance with high and generally accepted standards of care and security and for the specific purpose of promoting their interest in Working Free. This data has not been shared with any third parties other than with Devonshire House Network Ltd, our Partner Company which is under the same ownership and with whom we collaborate extensively. It is not our policy to have any other similar arrangements. Where we have been requested to delete personal data by the data subject, we have done so.
At any time, you may withdraw your consent by instructing us to do so.
These are the ways in which we manage our business specifically in the light of the GDPR
All decision makers and key people in our organisation are aware that the law is changing under the GDPR. We document the personal data about you that we hold and where it came from. We maintain records of our processing activities. Working Free Ltd does have a Data Protection Officer. The Data Controller collecting the information described in this statement is Working Free Ltd.
We uphold the GDPR’s accountability principle, which requires organisations to be able to show how they comply with the Data Protection principles. Generally accepted standards of technology and operational security have been implemented to protect personal information from loss, misuse, alteration or destruction. All personnel are required to keep personal information confidential and only authorised persons have access to such information. Currently there are two Officers of the Company in this category. Their names can be ascertained form Working Free Ltd.
We continuously review our current privacy practices and will tell you about any changes that we make. When we collect personal data, in addition to current requirements, we will disclose to you our identity, how we intend to use your information, the lawful basis for processing the data and our data retention periods.
Devonshire House assumes responsibility for keeping an accurate record of personal data once you have submitted the information to us or we have obtained it from other sources. We seek your consent, but not for confirming the on-going accuracy of your personal information. If you tell us that your personal data is no longer accurate, it will be amended (where practical).
Information is used only for the specific purpose for which it was provided which is centred around the 20 high level Events that we deliver and the material that supports these Events.
Under the GDPR, you may complain to the ICO if you think there is a problem with the way we are handling your data. The GDPR requires the information to be provided in concise, easy to understand and in clear language.
We recognise your rights under the GDPR including the right to be informed; the right of access; the right to rectification; the right to erasure; the right to restrict processing; the right to data portability; the right to object; and the right not to be subject to automated decision-making including profiling.
We have the right procedures in place to detect, report and investigate a personal data breach. We are required to report to the GDPR certain types of data breach to the ICO, and in some cases, to individuals. Where a breach is likely to result in a high risk to the rights and freedoms of individuals, we will also have to notify those concerned directly in most cases. We have procedures in place to effectively detect, report and investigate a personal data breach.
Data Protection Impact Assessment is required in situations where data processing is likely to result in high risk to individuals. Whilst we do not think this is likely at Devonshire House Network, we acknowledge It has always been good practice to adopt a privacy by design approach and to carry out a Privacy Impact Assessment (PIA) as part of this. However, the GDPR makes privacy by design an express legal requirement, under the term ‘data protection by design and by default’.
If you have any questions about this privacy statement, please email us at [email protected]