Crafted Syntax Limited (“we”, “us”, “our”) is a data controller. This means that we are responsible for deciding how we hold and use personal information about you.
Data Protection Principles
We’ll comply with data protection law. This says that the personal information we hold about you must be:
- Used lawfully, fairly and in a transparent way.
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
- Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
- Accurate and kept up to date.
- Kept in a form that identifies you for only as long as necessary for the purposes we have told you about.
- Kept securely.
The Kind of Information We Hold About You
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We process data about:
- job applicants
We collect, store and use certain categories of personal information about you such as:
- personal contact details, e.g. name, telephone numbers and email addresses
- applicant data, e.g. work experience, education and right to work
We’ll also collect, store and use certain special categories of more sensitive personal information—which require a higher level of protection—such as:
- unspent criminal convictions (later stages of recruitment process)
How Your Personal Information is Collected
We collect personal information directly from you in circumstances such as:
- whenever you contact us
- request a quote or estimate
- apply for a job
We don’t collect personal information from third parties.
How We Use Your Information
We’ll only use your personal information when the law allows it. Most commonly, we’ll use your personal information where:
- we need to comply with a legal obligation
- it’s necessary in order to fulfil contractual obligations between us, or it is a prerequisite to a contract (e.g. providing a quote)
In limited circumstances we’ll ask you for your consent to use your personal information, but your consent is not required if any of the above apply.
Situations in Which We’ll Use Your Personal Information
We’ll process your personal information when carrying out our responsibilities in relation to:
- customer management
- account related notices
- job applications
Automated Decision Making
Automated decision making is not carried out.
We will, when legally required, share your data with third parties, including:
- law enforcement agencies (e.g. police)
- public or governmental authorities
Use of Third Party Service Providers
We use or work with contractors and other third party service providers who will process personal data on our behalf.
Those third parties are our data processors and can only process personal data on our instructions or with our agreement.
All our third party service providers are required to take appropriate security measures to protect your personal information in line with our policies.
We do not allow our third party service providers to use your personal data for their own or other purposes.
Transfer of Information Outside the EU
When we do so we’ll ensure that we meet our obligations under the GDPR and DPA 2018.
We treat the security of your data very seriously. We have strict security standards and regular training about how to keep information safe.
We have put in place appropriate technical, physical and managerial procedures to safeguard and secure the information we collect about you. In addition, we limit access to your personal information to those persons, or agents who have a business or legal need to do so.
We have put in place procedures to deal with any suspected data security breach and will notify you and the regulator of a suspected breach where we are legally required to do so.
How Long We’ll Use Your Information
We aim to retain your personal information for only as long as it is necessary for us to do so for the purposes for which we are using it.
In some circumstances we’ll anonymise your personal information so that it can no longer be associated with you, in which case we will use such information without further notice to you.
Rights of Access, Correction, Erasure and Restriction
You have a number of rights in relation to the processing of your personal information by us. These are outlined below.
Your Responsibility to Inform Us of Changes
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes.
Your Rights in Connection with Personal Information
Under certain circumstances, by law you have the right to:
- Request access to your personal information (commonly known as a subject access request). This enables you to know what personal information we hold about you and to check that we are lawfully processing it.
- Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. This does not apply where we are legally obliged to process your personal information or where the processing is necessary for performing our functions. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing.
- Object to processing of your personal information where you have grounds to object which relate to your particular situation, in which case we will stop processing the personal data unless we can demonstrate compelling legitimate grounds for the processing, which override your interests, rights and freedoms.
- Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want to establish its accuracy or the reason for processing it.
Right to Withdraw Consent
We usually process personal data because we are required to do so by law, or because it’s part of our contractual obligations with you.
In the limited circumstances where you have provided your consent to the collection, processing and transfer of your personal information for a specific purpose, you have the right to withdraw your consent for that specific processing at any time.
We’ll have told you how to withdraw your consent when you provided it and you should follow that process. If not, contact us specifying how and when you provided your consent, and for what purpose.
Once we’ve received notification that you have withdrawn your consent, we’ll no longer process your information for the purpose or purposes you originally agreed to, unless we have another legal basis for doing so in law.
Contact Crafted Syntax Limited or Make a Complaint
Crafted Syntax Limited
SIF 8, The Workstation
15 Paternoster Row
You also have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.
Contact the ICO
You can contact the Information Commissioner:
- Telephone: 0303 123 1113 (local rate)
- Email: firstname.lastname@example.org
Alternatively, you can write to:
The Information Commissioner
The Information Commissioner’s website has more information about data protection and your rights.
Check this page to make sure you are aware of what information we collect, how we use it and the circumstances we may share it with other organisations.