WEBSITE PRIVACY POLICY

Introduction
This is the privacy policy for www.carletonlegal.com (“Site”). The Site is operated by Carleton Legal Limited (“we”, “us” and “our”). For the purposes of the Data Protection Act 2018 and any Act that replaces it (the “Act”) and the General Data Protection Regulation (GDPR), the data controller is Carleton Legal Limited who can be contacted at their office of Incuba Business Centre, 1 Brewers Hill Road, Dunstable, LU6 1AA, and you may contact us with any queries about this policy by email to enquiries@carletonlegal.com.

We are committed to protecting and respecting your privacy. We appreciate that you do not want the personal information you provide to us distributed indiscriminately and this policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

If you have instructed or are considering instructing us to act as your agents in a job search, we consider that it necessary for us to collect and hold your personal information to enable us to negotiate and enter into contracts with prospective employers.

Information we may collect from you
We may collect and process the following information about you:

• information (such as your name, email addresses both personal and employment, personal postal address and telephone numbers both landlines and mobile numbers, personal and employment) that you provide by corresponding with us by email or otherwise;

• if you contact us, we may keep a record of that correspondence to include meeting and telephone conference notes;

• if you provide a copy of your business card, we may use that information to contact you;

• employment history information to include details on current and previous roles and representations, salary expectations and achievements;

• professional qualifications and education information, to include details of memberships, education and qualifications. To establish suitability for the role/recruitment process;

• information you have made publicly available on any networking website, such as LinkedIn;

• information you have made publicly available on the internet, on websites to include by way of example Law Society, and individual profiles as appear on employer websites;

• IP Address information (see below);

• Identity verification information including your passport, driving licence, or other photo ID, a bank statement or a utility bill, and copy documentation to confirm an individual’s eligibility to work in the UK and qualifications and memberships;

• banking details to include sort code, bank account number for the purposes of payments of introduction fees;

• communications you send to us, for example to report a problem or to submit queries, concerns or comments regarding the Site or its content; and

• information from surveys that we may, from time to time, run on the Site for research purposes, if you choose to respond to, or participate in, them.

You are under no obligation to provide any such information. However, if you should choose to withhold requested information, we may not be able to provide you with certain services.

We will usually retain different categories of the information that we collect from you for different periods of time, as set out in the table below.

Record Category Description Retention Period Reason for Retention Period Allowable Storage Media
Candidates Personal data, including names, addresses, Personal email, mobile numbers, employment history, education. 8 Years from receipt. Necessary for our legitimate interests of keeping details of candidates who may wish to use our services in future. Also necessary for the performance of the contract and any post-contract dispute; Legal and regulatory compliance requirement. Electronic/Paper.
Candidates Passport / VISA scan. nformation is destroyed immediately upon verification of an individual’s identity. Legal and regulatory requirement to verify identity. Electronic only.
Employee/Sub contractor Employee & subcontractor names, addresses, bank details, tax codes, employment history. 6 years after end of employment. Necessary for the performance of the contract and any post-contract dispute; Legal and regulatory requirements. Electronic/Paper.
Contractual Supplier names, addresses, company details. 6 years after end of supply. Necessary for the performance of the contract and any post-contract dispute. Electronic/Paper/Microfiche.
Supplier Supplier names, addresses, company details. 6 years after end of supply. Necessary for the performance of the contract and any post-contract dispute. Electronic/Paper/Microfiche.
Accounting Invoices, purchase orders, accounts and other historical financial records. 6 years from the end of the last company financial year they relate to, or longer if they show a transaction that covers more than one of the company’s accounting periods. Legal and regulatory compliance requirement. Electronic only – paper records must be scanned.
Clients Personal data, including customer names, addresses. 8 Years. Necessary for the performance of the contract and any post-contract dispute; Legal and regulatory compliance requirement. Electronic only – paper records must be scanned.
Clients Banking details. None - information is destroyed immediately after settlement of account. Deletion after fact. None.
IT Event log auditing and analysis records. 2 Years. Best practices for IT security investigations. Electronic only.

At the end of the Retention Period the data will be reviewed and unless there are valid legal grounds for retaining the data for any longer period, the data will be securely and permanently deleted, as set out in Carleton Legal’s Records Retention and Protection Policy document.

Carleton Legal obtains many contacts via referral, whereby you are invited to provide us with the contact details of someone who is known to you who may find our products or services to be of interest. Such referral must be on full authorisation and consent of the third-party individual concerned. The referrer being asked to capture consent and to be in a position to demonstrate such. Carleton Legal will further ask the referred individual whether they would like to be in communication, thus capturing further direct consent in compliance with GDPR guidelines, highlighting their rights and ability to opt out. We will take all reasonable steps to ensure that your privacy rights continue to be protected.

IP Addresses
When you visit the Site, we may automatically collect additional information about your electronic device, such as the type of internet browser and operating system you use, any website from which you have come to the Site and your IP address (the unique address which identifies your computer on the internet) which is automatically recognised by our web server, for system administration. This information is only used to assist us in providing an effective service on the Site and to collect broad demographic information for aggregate use.

Cookies
When you interact with the Site, we try to make that experience simple and meaningful. When you visit the Site, we use small text files called ‘cookies’ which are stored on your browser or hard drive of your computer to assist in personalising your browsing experience by displaying content that is more likely to be relevant and of interest to you and to help us improve our Site. A number of cookies we use last only for the duration of your web session and expire when you close your browser. Other cookies are used to remember you when you return to the Site and will last for longer. Some cookies we use are essential for the Site to operate.

If you submit details to us or if you continue to use our Site, you are agreeing to our use of cookies. If you are uncomfortable with the use of cookies, you can disable cookies on your computer by changing the settings in the preferences or options menu in your browser. You can set your browser to reject or block cookies or to tell you when a website tries to put a cookie on your computer. You can also delete any cookies that are already stored on your computer’s hard drive. To find out more about cookies, including seeing what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org.  If you do not wish to accept cookies from Carleton Legal’s website, please leave this site immediately and then delete and block all cookies. Alternatively, you may opt out of receiving information from us by e-mail, telephone, or post.

Google Analytics
The Site uses Google Analytics, a web analytics service provided by Google Inc (“Google”) to help us to analyse the traffic to the Site. The type of information collected includes the time of visit and the type of operating system you are using. This information is only used to assist us in providing an effective service on the Site. After 60 days the information is deleted. Further information can be found at https://policies.google.com/privacy/update?hl=en-GB&gl=uk

Uses made of your information
We will use the information you provide for the following purposes:

• to enable us to provide you with the services and information as outlined on through the Site and which you request, in order to take steps to enter into a contract with a prospective employer;

• to audit the downloading of data from the Site to compile anonymous statistics, for example, website usage statistics; improve the layout and/or content of the pages of the Site and customise them for users to improve the marketing of our services;

• to identify visitors to the Site, which we consider necessary for the legitimate interests of running our business and improving the services that we provide;

• to send you information about goods and services that we think you may find useful or which you have requested from us, which we consider necessary for our legitimate interests to develop our products/services and grow our business, to alert you to new features, special events, and service offerings;

• to manage our relationship with candidates and clients, to process and respond to inquiries and requests; and

• to fulfil our legal obligations.

You can tell us not to contact you with information regarding our products and services at any time by following the unsubscribe instructions on any communications we send to you. You can also exercise the right at any time by contacting us using the “contacting us” details at the end of this privacy policy.

Information sharing
We may disclose aggregate statistics about visitors to the Site in order to describe our services to prospective partners and other reputable third parties and for other lawful purposes, these statistics will be anonymized to include no personally identifiable information. On the disclosure of such statistics, where there is the possibility of the unintentional transfer of personal data to such third parties, such will be afforded an adequate level of protection under an agreement which covers EU legislation and requirements for the transfer of personal data. If no such agreement exists then we will ask for your explicit consent. Where we transfer statistical information, we will take all necessary steps to ensure that your privacy rights continue to be protected.

We may disclose your personal information to any of our agents or contractors who assist us in providing the services we offer, processing transactions, fulfilling requests for information, receiving and sending communications, updating marketing lists, analysing data, providing support services or in other tasks, from time to time. Our agents and contractors will only use your information as instructed by us and only to the extent necessary to perform their functions.

In the event that we undergo re-organisation or are sold to a third party, we will as part of that contractual process transfer any personal information we hold about you to that re-organised entity or third party. We will notify you before that happens and give you the opportunity to object to your data being transferred.

We may share your personal information if required to do so by law or if we believe that such action is necessary to prevent fraud or cyber-crime or to protect the Site or the rights, property or personal safety of any person.

External links
The Site may, from time to time, contain links to external sites. We are not responsible for the privacy policies or the content of such sites.

Security
We place great importance on the security of all personally identifiable information associated with our users. We have security measures in place to attempt to protect against the loss, misuse and alteration of personal information under our control. For example, our security and privacy policies are periodically reviewed and enhanced as necessary and only authorised personnel have access to personal information. Whilst we cannot ensure or guarantee that loss, misuse or alteration of information will never occur, we use all reasonable efforts to prevent it.

You should bear in mind that submission of information over the internet is never entirely secure. We cannot guarantee the security of information you submit via the Site whilst it is in transit over the internet and any such submission is at your own risk.

It is advisable to close your browser when you have finished your user session to help ensure others do not access your personal information if you use a shared computer or a computer in a public place.

Storage of your information
Information that you submit via the Site is sent to and stored on secure servers located in the United Kingdom. This is necessary in order to process the information. Information submitted by you may be transferred by us to third parties mentioned in the circumstances described above (see information sharing), which may be situated outside the European Economic Area (EEA) and may be processed by staff operating outside the EEA. The countries concerned may not have similar data protection laws to the EEA. Where we transfer personal data outside of the EEA to a country not determined by the European Commission as providing an adequate level of protection for personal data, the transfer will be under an agreement which covers the EU requirements for the transfer of personal data outside the EU, such as European Commission approved standard contractual clauses or your explicit consent. Where we transfer your information, we will take all reasonable steps to ensure that your privacy rights continue to be protected.

Your rights
You have rights in relation to our use of your personal data. These include the right to:

• access your personal data;

• have your personal data erased; and

• have any inaccurate data corrected.

As well as these rights of access, erasure and amendment, you may have other rights such as the right to restrict processing and the right to data portability. Some of these rights will only be available from 25 May 2018. You also have the right to complain to the Information Commissioner’s Office if you believe we are in breach of our data privacy obligations.

Changes to our privacy policy
We reserve the right to change this privacy policy from time to time by changing it on the Site. This privacy policy was last updated on 14 May 2018. Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified by e-mail.

Contacting us
Please submit any questions, concerns or comments you have about this privacy policy or any requests concerning your personal data by email to enquiries@carletonlegal.com or write to us at:

Carleton Legal LTD

Incuba Business Centre

1 Brewers Hill Road

Dunstable

LU6 1AA

Download Privacy Policy PDF

Last updated: 14 May 2018