Privacy Notice

Company Name: vivoHR & Training(UK) Ltd (hereafter may be referred to as “vivoHR”, “the Company” or “we”)
Company Address: 2B Stanhope Gate, Stanhope Road, Camberley, Surrey, GU15 3DW
Privacy Compliance Manager: Samantha Swinstead
Contact Details: sam@vivoHR.co.uk / 07816 316598 / 01252 757359

This privacy notice provides you with details of how we collect and process your personal data.

If you are not happy with any aspect of how we collect and use your data, you have the right to complain to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). Please contact us first if you do have a complaint so that we can try to resolve it for you.

It is very important that the information we hold about you is accurate and up to date. Please let us know if at any time your personal information changes by emailing the Privacy Compliance Manager.

The Company collects and processes personal data relating to the people we interact with in the conduct of our business as customers, prospective customers, suppliers, associates and other business individuals that we are in contact with as part of our business activities, and as job applicants, employees, ex-employees , workers and contractors of our customers

The Company is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations. This Privacy Notice summaries your rights and our responsibilities to you.

What Information Does The Company Collect?

Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) as any information relating to a living identifiable person.

The Company collects and processes a range of personal data which is likely to include but is not limited to:

• Names, addresses, email addresses, phone numbers and any other contact details such as but not limited to skype IDs
• Personal data relating to the job applicants, employees, ex-employees, workers, and contractors of clients where we are required to operate as a Data Processor and a Data Processor Agreement is in place, and where any such data is processed in accordance with the Data Protection Policies and / or Privacy Notices that clients have in place with job applicants, employees, ex-employees, workers and contractors as applicable
• Special categories of sensitive data relating to the job applicants, employees, ex-employees, workers and contractors of clients where this is necessary to carry out the HR Support activities that clients have requested and where the appropriate consents have been obtained by the employer when required
• Financial and accounting data
• Any other category of personal data which we may notify you of from time to time 

Why Does The Company Process Personal Data?

We will only use your personal data when legally permitted. The most common uses of your personal data are:

• Where we need to perform the contract between us
• Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests
• Where we need to comply with a legal or regulatory obligation.

Generally, we do not rely on consent as a legal ground for processing your personal data, other than in relation to sending marketing communications to you via post, email or text message. You have the right to withdraw consent to marketing at any time by emailing the Privacy Compliance Manager.

Set out below is a description of the ways we intend to use your personal data and the legal grounds on which we will process such data. We have also explained what our legitimate interests are where relevant.

We may process your personal data for more than one lawful ground, depending on the specific purpose for which we are using your data. Please email the Privacy Compliance Manager if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.

Purpose/Activity	Type of data	Lawful basis for processing
To register you as a new customer	(a) Identity (b) Contact	Performance of or to enter into a contract with you
To process and deliver the service to you including: (a) Manage payments, fees and charges (b) Collect and recover money owed to us	(a) Identity (b) Contact (c) Financial (d) Transaction	(a) Performance of a contract with you (b) Necessary for our legitimate interests to receive payment and to recover debts owed to us
To manage our relationship with you which will include: (a) Notifying you about changes to our terms or privacy policy (b) Asking you to leave a review or take a survey	(a) Identity (b) Contact (c) Profile (d) Marketing and Communications	(a) Performance of a contract with you (b) Necessary to comply with a legal obligation (c) Necessary for our legitimate interests to keep our records updated and to study how customers use our products/services
To enable you to partake in a prize draw, competition or complete a survey	(a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing and Communications	(a) Performance of a contract with you (b) Necessary for our legitimate interests to study how customers use our products/services, to develop them and grow our business
To administer and protect our business and our site (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)	(a) Identity (b) Contact (c) Technical	(a) Necessary for our legitimate interests for running our business, maintaining adequate insurance cover, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise (b) Necessary to comply with a legal obligation
To deliver relevant content and marketing / advertisements to you and measure and understand the effectiveness of our advertising	(a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing and Communications (f) Technical	Necessary for our legitimate interests to inform you of services and products that may be beneficial to you, and to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences	(a) Technical (b) Usage	Necessary for our legitimate interests to define types of customers for our products and services, to keep our site updated and relevant, to develop our business and to inform our marketing strategy
To make suggestions and recommendations to you about goods or services that may be of interest to you – including: (a) Informing you of new services and products or of services and products that have been updated or upgraded, that may be useful or that are no longer suitable for use (b) keeping you informed about HR matters that may affect your business operations	(a) Identity (b) Contact (c) Technical (d) Usage (e) Profile	Necessary for our legitimate interests to develop our products/services and grow our business

 

You will receive marketing communications from us if you have:

• requested information from us or purchased goods or services from us; or
• if you provided us with your details and positively confirmed at the point of entry of your details that you agree to us sending you marketing communications; and
• in each case, you have not opted out of receiving that marketing.

We may send you marketing information by email, telephone, text, or post and such marketing may include useful information, employment law updates, details of new case law, information relating to the rights and responsibilities of both employees and employers, best practice hints and tips, general news about the company and our activities, special offers and details of new products or services. You will not be sent any unlawful marketing or spam.

It is not our intention to share your personal data with third parties for marketing purposes but if at any point in future this were to change we will get your express opt-in consent before we share your personal data with any third party for marketing purposes.

You can ask us or third parties to stop sending you marketing messages at any time by emailing the Privacy Compliance Manager.

Where you opt out of receiving our marketing communications, this will not apply to personal data provided to us as a result of a product/service purchase, warranty registration, product/service experience or other transactions.

Who Has Access To The Data?

Data will be shared internally in vivoHR so that all employees of the business can provide HR Support as appropriate when required and to enable us to administer and manage our business activities.

We will share your personal data as appropriate with the parties set out below for the purposes set out in the table in paragraph 2 above:

• Service providers who provide us with IT, system administration and website services
• Professional advisers including consultants, lawyers, bankers, accountants, bookkeepers, auditors and insurers who provide us with business development and marketing consultancy, banking, legal, insurance and accounting services
• Service providers who provide us, and you as one of our clients, with HR Management software – any such sharing of data is only done with your explicit consent and under your specific direction and instruction
• Outsourced administration services such as audio typists – providing transcripts of meeting recordings
• HM Revenue & Customs, regulators and other authorities based in the United Kingdom and other relevant jurisdictions who require reporting of processing activities in certain circumstances
• Third parties to whom we sell, transfer, or merge parts of our business or our assets

We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions.

The data that we collect from you may be transferred to, and stored at, a destination outside the UK. It may also be processed by staff operating outside the UK who work for one of the third parties we contract with and may be engaged in, among other things, processing of HR-related data.

If your personal data is transferred outside of the UK, we do our best to ensure a similar degree of protection in respect of your personal information as we will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with the provisions set out in the Data Protection Act which includes the UK General Data Protection Regulations and any other company policy in effect at any time during or after your engagement with us.

We may also request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.

Please email the Privacy Compliance Manager if you want further information on the specific mechanism used by us when transferring your personal data out of the UK.

How Does The Company Protect The Data?

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know such data. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

How Long Does The Company Keep Data For?

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

By law we have to keep basic information about our clients, including Contact, Identity, Financial and Transaction Data, for six years after the end of the financial year in which they cease being customers for tax purposes.

We may retain personal data about job applicants, employees, ex-employees, workers, and contractors of clients for as long as we continue to work with the client, and as long as it is necessary for us to retain that data and will only do so in accordance with the data retention periods set out in our clients’ privacy notices issued to about job applicants, employees, ex-employees, workers, and contractors.

In some circumstances you can ask us to delete your data: see below for further information.

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

What Are Your Rights?

As a data subject, you have a number of rights – you can:

• Know what data we hold about you
• access and obtain a copy of your data on request, and to request a transfer of data to another data controller
• require the Company to change incorrect or incomplete data
• require the Company to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing
• object to the processing of your data where the Company is relying on its legitimate interests as the legal ground for processing
• to be notified of a data security breach
• to withdraw consent processing where this was the legal basis relied upon for any such processing
• to complain to the Information Commissioner Office https://ico.org.uk/concerns/

If you wish to exercise any of these rights you should email the Privacy Compliance Manager.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Changes to This Privacy Notice

We may update this Privacy Notice from time to time and we will notify you of any such changes by email. A copy of the most current version of this Privacy Notice is always available by clicking on the link in our email signatures, or may be requested by emailing the Privacy Compliance Manager.