WE HANDLE YOUR DATA WITH CARE
'We're 'people' people who thrive on building great relationships.'Transparency is key to our business ethic and we want to make sure you’re in control of what data we collect about you, how it’s used and who it’s shared with.
If, after reading this statement, you have more questions, please email info@blue-edge.co.uk or call our office on 01273 328 125.
Table of Contents
- 1. Introduction
2. What data do we collect and how do we use it?
3. How do we share information?
4. Your duties & choices
5. Other important information
1. INTRODUCTION
WHO ARE WE?
Blue Edge is a trading name of The Blue Consult Ltd. We’re a communications agency which works to create winning bids for top-tier contractors in many industries.
As an agency, we rely on our widespread network of specialists, and our ongoing relationships with them and our Clients.
WHO DOES THIS PRIVACY POLICY APPLY TO?
This privacy policy applies to any potential, current and past members of this community. Specifically, we collect and process data belonging to these people:
Direct Candidates
People who have applied for a position within the Blue Edge team.
Indirect Candidates
People whom Blue Edge are approaching to potentially join the Blue Edge team or network of Associates.
Employees
Current and past staff members.
Associates
People who work/have worked for Blue Edge on an intermittent basis as private contractors.
Prospective Associates
People who have contacted us because they are interested in becoming an Associate.
Clients
People who represent the companies we are currently contracted with.
Prospective Clients
People who represent the companies we are looking to develop a relationship with for future contracts.
Suppliers
People who represent companies that provide services or products essential to our day-to-day business activities or fulfilling contract terms.
Emergency Contacts
People whose details we have been given as ‘next of kin’ contacts to be used in case of an emergency.
WHAT ARE OUR ROLES REGARDING YOUR DATA?
If your relationship with Blue Edge falls into one of the above listed categories, The Blue Consult Ltd. will be the Controller of your personal data as provided to us, collected by us, or processed in connection with our services.
If you are in a contract with Blue Edge as an Employee, Associate, Client, Supplier or Emergency Contact, we may need to share your data with other parties for the purposes of fulfilling our contractual terms. A party using or storing individuals’ information provided to them by Blue Edge will be the Processor of your personal data. The Processors who will be handling your information are detailed in our Employee Handbook, Consultancy Agreements and individual Supplier contracts.
Here is a quick reference guide as to who you can expect your data to be processed by:
Direct/ Indirect Candidates
If your profile or application is relevant to an open vacancy, your data may be shared with and processed by appointed Recruitment Agencies.
Employees
Data may be shared with Government/ Legal Bodies (such as Disclosure Scotland) and our Payroll Company. In case of emergency, your details may also need to be shared with emergency services. Further information will be explained to you in detail at induction.
Associates/ Prospective Associates
If you have signed a Consultancy Agreement with Blue Edge, you will find details of the Data Processors we expect to share your data with in Section 8 Data Protection. When you are placed on an Assignment, we will share your details with our Clients, Associates, and/or Employees and vice versa. The Client’s contact details will be provided to you in your Klient Task Assignment and is emailed to you at the start of each placement.
If you have not signed a Consultancy Agreement with Blue Edge, your data will only be shared with Clients after you have given your express permission by email.
Clients
Your personal data may need to be shared with other parties involved in the fulfilment of our contractual agreement. When we provide on-site support to your team, we will always need to share your contact details with the Associates who will be working with you.
There may also be specific circumstances where we need to share your data with Suppliers. For example, if we are hosting an event for your company, we may need to provide your details to the venue for contact purposes.
Prospective Clients
We collect the names, business email addresses and business telephone numbers of contacts at companies we would like to work with in future. We take care not to store unnecessary information. This data is maintained on a secure database and reviewed every two years to make sure that it is still relevant and required. Information collected in this way is NOT shared with third parties.
Suppliers
The personal data of relevant contacts working for our Suppliers are collected in order to fulfil the terms of our contract with you or your contract with Blue Edge. In some instances, we collect and store the names, business email address and business telephone numbers of Suppliers we have worked with, or whom we would like to work with in the near future. This data is maintained on a secure database and reviewed every two years to ensure that it is relevant and required. Supplier information is ONLY shared with third parties when it is a contractual or legal requirement to do so.
Emergency Contacts
When we employ people or place Associates on assignments, we also ask them to provide the personal contact details of the individual they would like us to contact in case of an emergency at Blue Edge or Client premises. In this case, the Employee or Associate providing the information is considered to be the Controller of that data, and Blue Edge is the Processor. This means that it is up to the Controller to guarantee that they have permission to provide this data to Blue Edge for the sole purpose of emergency contact. This information is only shared with relevant people when the situation requires.
WHAT HAPPENS IF THIS POLICY CHANGES?
We’re serious about our responsibility to protect your data so this policy will be subject to review every year. We reserve the right to update it at any time, as we improve our processes.
In the event of any changes, we will notify you by:
- Email (if we have your email address), or
- A message on our website (if we don’t have your email address)
Once we have notified you about changes to our Privacy Policy, the collection, use and sharing of your personal data will be subject to the updated terms.
2. WHAT DATA DO WE COLLECT AND HOW DO WE USE IT?
IF YOU APPLY FOR A JOB WITH US
Direct Candidates
We want to make sure that a job with us is right for you and that you’re a good fit for our team. To do this, we need to collect data to assess your skills and experience against the position criteria. Depending on how far we go through the application process, we may ask you for information such as:
- your full name
- your CV
- your email address
- your telephone number(s)
- your home address
- confirmation that you can work in the UK
- copies of your identity documents
- your references
We store Direct Candidate details on our database for five years or longer if you give your permission thereafter. This means we can contact you if a similar position becomes available that year or check whether you want to be considered for future positions further down the line.
WHEN WE APPROACH YOU TO APPLY FOR A JOB WITH US
Indirect Candidates
We rely on a strong network of talented individuals. You may hear from us if we think you’d make a great addition to our team. You may have been recommended to us by another contact in our network, or perhaps we have worked with you in another capacity, as a Supplier or Client.
In these cases, discretion is paramount so we research your experience whilst we prepare to approach you. This means we will temporarily store the following details until you either start the application process (become a Direct Candidate) or declare that you are not interested in working with us.
- your full name
- your LinkedIn profile (if available)
- your email address
- your telephone number(s)
Data stored for this purpose is kept on our secure database and reviewed every two years If you declare that you are not interested, or the data is considered no longer relevant, it will be anonymised or deleted, depending on the circumstance.
IF YOU’RE CURRENTLY EMPLOYED US
Employees
You are obliged to provide certain information in order for us to fulfil our legal duties as your employer. The types of data we collect is summarised below but will be explained to you at induction.
- your full name
- your CV
- your email address
- your telephone number(s)
- your home address
- confirmation that you can work in the UK
- copies of your identity documents
- your references
- name, phone number and relationship of your emergency contact
- your bank details (for salary payments, etc.)
- your car registration number (if you are entitled to a parking permit)
- notes about your personal development
- contents of your Personal Development Plan
Data collected about current Employees is stored on our secure server and in physical, locked archives off-site.
To fulfil the legal requirements of our contract with you, we need to maintain this data for the duration of your employment and for up to six years after you leave. This is because we use some of your data to inform other reports which we are legally obliged to send to authorities. After this time has expired, we will review the data we hold every two years. If the data is judged to be no longer relevant we will delete it from our records. Or, if we need to retain it for longer, we will ask your permission. If you are unresponsive to our request and we still need to keep your information, we will anonymise it and notify you that this is what we have done.
IF YOU USED TO BE EMPLOYED BY US
Ex-Employees
We may hold some of your personal data for six years after you leave our employment. This is so that we can ensure legal compliance with the authorities we report to (e.g. HMRC).
The personal date we hold, may include:
- your full name
- your email address
- your telephone number(s)
- your home address
- copies of your identity documents
After six years, your data will be reviewed on every two years and either anonymised, or deleted.
IF YOU’RE WORKING ON OUR BEHALF
Associates
You are obliged to provide certain data to enable us to fulfil the terms of our Consultancy Agreement and any subsequent Task Assignments with you. Keeping this personal data ensures that we can pay you for your services.
- your full name
- your CV and/or LinkedIn profile
- your email address
- your telephone number(s)
- your home address
- copies of your professional indemnity/ public liability insurance documents
- your references
- name and telephone number of your emergency contact
- contents of emails to us
- notes on telephone calls/ conversations with us
- details of private assignments you are undertaking that may affect assignments with our clients
- notes on your availability for upcoming assignments
We store details like these for the duration of your contract with us and for up to two years after contract termination. After this time, your personal data will be reviewed every two years and either maintained with your permission, anonymised or deleted.
WHEN YOU APPLY TO WORK ON OUR BEHALF
Prospective Associates
Before we enter into a Consultancy Agreement with you, we may temporarily store the following details on our database:
- your full name
- your CV and/or LinkedIn profile
- your email address
- your telephone number(s)
- your general location
- your references
- contents of emails to us
- notes on telephone calls/ conversations with us
- preferences as to what assignments you may like to work on
We store these for up to a year or until you sign a Consultancy Agreement with us. After this time, your personal data will be reviewed every two years and either maintained with your permission, anonymised or deleted.
WHEN YOU’RE USING OUR SERVICES
Clients
We are required to store the following personal data of individuals representing our clients so that we may fulfil our contractual obligations. The details we keep may include:
- your full name
- your business email address
- your business telephone number(s)
- your business address(es)
- contents of emails to us
- notes on telephone calls / conversations with us
This information is stored for the duration of our contract with you and for up to five years afterwards. Following this period, your data will be reviewed every two years and either maintained with your permission or deleted.
WHEN WE’RE OFFERING OUR SERVICES TO YOU
Prospective Clients
Most of our business comes from referrals but there are times when we want to introduce ourselves to new potential Clients. We don’t believe in cold calling or sending out blanket emails. We prefer to only contact the people who we know will find our services helpful. Making sure that we are targeting relevant individuals requires us to research and collect data that we store without permission until we enter into a contract or we find a more relevant target contact.
The personal data we collect to achieve this aim, may include:
- your name
- your business telephone number
- your business email address
- your job title(s)
- information on previous projects you have worked on
- contents of any email correspondence between us
- notes on any telephone conversations we’ve had
Data stored in this way is reviewed every five years and deleted once determined as no longer relevant.
WHEN WE’RE USING YOUR SERVICES
Suppliers
In most cases, the data we process for the fulfilment of Supplier Contracts is determined by our specific agreement with each Supplier. We typically store the following personal details of Supplier contacts whose services we are currently using or will be likely to need in the future.
- your name
- your business telephone number
- your business email address
- your job title
- contents of any email correspondence between us
- notes on any telephone conversations we’ve had
Data stored in this way is reviewed every five years and deleted once determined as no longer relevant.
IF YOU’RE INVOLVED IN AN EMERGENCY
Emergency Contacts
If your details have been provided to us as an Emergency Contact, it is the responsibility of the Associate/ Employee to obtain your permission for us to store this information.
These are the details we store for this purpose:
- your name
- your telephone number(s)
- your address
- your relationship to the Associate/ Employee
This data is kept for the duration of the Associate/ Employee’s contract with us and deleted when your Associate record is removed.
3. HOW DO WE SHARE INFORMATION?
EMAIL/ PHONE/ SECURE PLATFORMS
Associate/ Client/ Candidate information is often shared between Blue Edge, our Clients and our Data Processors by email. We use a secure web-based provider and keep information shared in this way to a minimum. Most often, the data emailed to these parties includes your name, telephone number(s) and email address. We also file email correspondence relevant to the delivery of contracts and our performance. In the case of Associates, we may also email a Blue Edge copy of your CV to Clients, with your permission.
We sometimes give names, email addresses and telephone numbers in calls with our Clients, Associates and Suppliers. We obtain indemnities from the parties we are providing this information to, making sure that they know and accept their obligations to store and use this information responsibly and in line with GDPR.
Supplier, Associate, Client and Employee information may need to be shared for Accounting and Reporting purposes. In these cases, the data is shared using secure online platforms such as cloud-based Accounting Systems which are maintained by Blue Edge or the Data Processor, depending on the circumstance.
POST
We very rarely share information by post but when we are required to send copies of personal identification documents or other sensitive data, we use recorded delivery to ensure data security where possible.
4. YOUR DUTIES & CHOICES
DATA RETENTION
We keep your data for as long as is necessary for the fulfilment of contractual obligations, or for as long as is relevant to our business activity.
Direct/ Indirect Candidates
Your personal data will be kept for up to five years if you are a Direct Candidate, or up to two years if you are an Indirect Candidate, after which time it will be reviewed and either:
- maintained with your permission for another year, or
- deleted altogether.
Employees (Past and Present)
Your personal data will be kept for the duration of your employment and for up to six years thereafter, for reporting and accounting purposes. After this time, your data will be reviewed and either:
- anonymised and maintained but reviewed on a yearly basis
- deleted altogether.
Associates (Past and Present)
Your personal data will be kept for the duration of your Consultancy Agreement and for up to two years after termination. After this it will be reviewed every two years and either:
- maintained with your permission for another year, or
- deleted altogether.
Prospective Associates
Your personal data will be kept for up to two years after you initially register with us, after this time it will be reviewed every two years and either:
- maintained with your permission for another year, or
- deleted altogether.
Clients
Personal data of Client representatives will be kept for the duration of our Contract with the Client, or until an alternative contact is specified (for example, if you leave the company and handover to another person). After our contract is completed, we will retain your details for up to five years, after which time your data will be reviewed every two years and either:
- maintained with your permission for another year, or
- deleted altogether.
Prospective Clients
Personal data belonging to representatives of Prospective Clients is kept for as long as is determined relevant to our business activity. Your data will be reviewed every five years and deleted if it becomes irrelevant.
Suppliers
Personal data belonging to representatives of Supplier companies will be reviewed every five years and deleted if it is determined to be no longer relevant.
Emergency Contacts
The personal details supplied to us for use in case of an emergency involving one of our Employees or Associates will be retained for the duration of our contract with the Associate/ Employee and deleted once the employment contract is terminated or when the associate record is removed.
A NOTE TO DATA PROCESSORS
If we provide personal data to you for processing in relation to our services or contracts, it is your responsibility to ensure the security, safe storage, and appropriate use of that information. Prior to processing data controlled by us, we require you to complete an Indemnity Form confirming your compliance with GDPR regulations.
You should receive an Indemnity Form by email.
If you have not received an Indemnity Form, please email info@blue-edge.co.uk to request a new one.
ACCESSING AND CONTROLLING YOUR PERSONAL DATA
Your personal data belongs to you and you are in control of how we use it.
If you’re not happy with how we are using your data or if some of your data is no longer relevant, you can ask us to:
Delete It
You can ask us to delete all or some of your personal data from our records.
e.g. if we no longer have a legal reason to keep it, or if you simply don’t want us to be able to contact you.
Deletion requests are processed case-by-case. This is because, if you are in a contractual agreement with us, deletion of your data may mean termination of that contract.
We will always explain the repercussions of your deletion request before complying. Once you have confirmed your understanding we will proceed to remove your personal data from our records.
You can ask for your data to be deleted at any time by emailing this address:
info@blue-edge.co.uk
Please quote: ‘Deletion Request’ in the Subject line.
Change or Correct It
If you are happy for us to keep your data but are aware that all or some of it is inaccurate, you may ask us to change or update it at any time by completing a new GDPR Compliance Form or by emailing info@blue-edge.co.uk.
Restrict It
If your personal data is inaccurate or unlawfully held, you can ask us to stop using all or some of it. In cases where we need to maintain information about you, we will seek to anonymise it before continuing to use it to fulfil our legal/ contractual obligations. Otherwise, we will delete the data you ask us to remove and comply with your request to stop using it.
Access It
You may request a copy of the personal data we’re storing about you. This can be requested at any time by emailing info@blue-edge.co.uk.
We aim to respond to all requests within 30 days and the timeframe compliance will be agreed with you on a case-by-case basis (as it depends on how far-reaching the requested changes will be).
5. OTHER IMPORTANT INFORMATION
SECURITY
We do our utmost to protect your personal data by using secure systems and regularly monitoring and improving our data-handling processes. However, we cannot guarantee that your data may not be compromised if our safeguards are breached. In-line with GDPR, we will report any breach as soon as we can.
LEGAL BASES
We use the following legal bases to justify our collection and use of your personal data. We only collect and process your details if there is a legal basis to do so.
Consent
Where you have given us your explicit consent to store your personal data. This is particularly relevant to Direct Candidates and Prospective Associates. You may withdraw or decline your consent at any time by emailing info@blue-edge.co.uk.
Contract
Where processing your personal data is necessary for the performance of a contract with you. For example, to use your services as an Associate or Supplier, to deliver our services to you as a Client or to be able to work with you as an Employee.
Legitimate Interest
Where keeping your personal data is necessary for pursuing new business or procuring new services. This is particularly relevant to Prospective Client or possible future Supplier and you may, at any time, object to us using your data in this way. See Accessing and Controlling Your Personal Data.
Compliance with Legal Obligations
Where processing your personal data is necessary to comply with legal obligations set by the authorities, e.g., maintaining Past Employee records for criminal record checks, tax purposes, etc.
Vital Interest
Where processing your personal data is necessary to protect the vital interests of you or your relative (where you are listed as the Emergency Contact). This only applies to emergency ‘life-or-death’ situations.
CONTACT US
Your opinions matter. If you have any questions or concerns regarding this policy, please contact us by email or phone.
E: info@blue-edge.co.uk
T: 01273 328 125