Table of Contents:
- What information we may collect about you?
- Why does the organisation process personal data?
- How we will use your information
- Legal Grounds for Processing your information
- Who has access to data?
- How does the organisation protect data?
- For how long does the organisation keep data?
- Your information rights
- Document Version Control
Data controller: Dynamic Contract Solutions, Pantiles Chambers, 85 High Street, Tunbridge Wells, Kent, TN1 1XP
Data protection officer: Dovile Jablonske, Dynamic Contract Solutions, Pantiles Chambers, 85 High Street, Tunbridge Wells, Kent, TN1 1XP
ICO Registration number: ZA370248
This Policy may change from time to time and, when such a case arises, the up-to-date version will always be available on our website and becomes effective immediately.
The organisation collects and processes personal data relating to its contractors to manage the independent/self-employed contractor relationship with in country partners. The organisation is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations.
What information we may collect about you?
We may collect and processes a range of information about you through various means. This includes:
- In the course of carrying out work for you (or your business)
- details of periods of leave taken by you, including holiday, sickness absence, family leave and sabbatical.
The personal data described above may relate to any of the following categories of person
- our clients and clients’ personnel
- our prospective employees, work experience students or other job applicants
- those emergency contacts whose details have been provided to us by our people
- third parties with whom we have contact by virtue of providing payroll services (e.g. third-party payers of invoices and counterparties on a client’s matter)
- our contacts at our ‘Preferred Firms’ or referrers, professional advisors or others with whom we work in the context of our payroll services
- our prospective target clients
- our contractors and suppliers
- those who submit enquiries through our website or whose details are otherwise entered into our client relationship management system.
Data is stored in a range of different places, including in your personnel file, in the organisation’s Salesforce and Xero management systems and Live Drive (Cloud Drive) including other IT systems (including the organisation’s email system).
Why does the organisation process personal data?
The organisation needs to process data to enter into an independent business agreement with you and to meet its obligations under your engagement. For example, it needs to process your data to provide you with agreement to pay you in accordance with your terms of business and to administer remuneration requirements.
In some cases, the organisation needs to process data to ensure that it is complying with its legal obligations. For example, it is required to check an employee’s entitlement to work in the UK or any other EEA jurisdiction, to complete necessary registrations for tax deductions or to carry out criminal record checks to ensure that individuals are permitted to undertake the role in question and comply with local country requirements.
How we will use your information:
We may use your information for the following purposes:
- to respond to any query that you may submit to us
- to manage our relationship with you (and/or your business), including by maintaining our database of clients and other third parties for administration, and accounting and relationship management purposes
- to complete our contractual obligations to you, or otherwise taking steps as described in our engagement terms and/or our Terms of Business (including any associated administration)
- to send you any relevant information on our services and events that may be of interest to you using the email and/or postal address which you have provided, but only if you have given us your consent to do so or we are otherwise able to do so in accordance with applicable European Data Protection Legislation
- to process any payment illustrations
- to ensure that our website’s content is presented in the most effective manner for you and your device
- to customise our website according to your interests
- to administer our website and for internal operations, including troubleshooting, data analysis, testing, research
- to comply with any other professional, legal and regulatory obligations which apply to us or policies that we have in place
- as we feel is necessary to prevent illegal activity or to protect our interests.
Legal Grounds for Processing your information:
We will rely on the following legal bases under European Data Protection Legislation for processing your personal data:
- Performance of, or entry into, a contract. The personal data that we are required to collect in order to comply with any other professional, legal and regulatory obligations which apply to us must be provided to us in order for us to perform this contract – we would not be able to act for you without this personal data.
- Compliance with a legal obligation to which we are subject.
- We have a legitimate interest in doing so as a payroll services provider (and where our legitimate interests are not overridden by your (or the relevant individual’s) own interests or fundamental rights or freedoms). These legitimate interests will include our interests in managing our relationship with our clients and ascertaining achievement of proper standards/ compliance with policies, practices or procedures.
- Where processing of ‘special category data’ is necessary in the context of the establishment, exercise or defence of legal claims.
- in certain circumstances, such as those described in “how we will use your data” above or where we need to process ‘special category data’ in the context of our payroll work but outside the scope of “Legal Grounds for processing your information” above, where we have obtained your express consent to do so. As we will explain at the time we collect your consent, you may withdraw it at any time in accordance with the information we provide to you at that time.
Who has access to data?
Your information will be shared internally, including Client Services team and Operations team.
The organisation shares your data with third parties in order to complete local country registrations and establish your self-employed structure and where required, to obtain necessary criminal records checks from the Disclosure and Barring Service.
The organisation also shares your data with third parties that process data on its behalf in relation to pension or insurance providers.
The third parties include:
- our bank (including as permitted by The Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 which, for the purposes of preventing money laundering or terrorist financing, may require us to disclose your personal data on request to our bank from time to time where we hold monies in our pooled Client Account on your behalf)
- our insurers
- our auditors, including external accreditation bodies
- other professional advisors or third parties (including counsel, overseas lawyers, accountants) with whom we engage as part of our work for our clients or who our clients separately engage in the same context
- our data processors providing accountancy, email security, data governance, archiving and other IT and business support services
Your data may be transferred to countries outside the European Economic Area (EEA). Data is transferred outside the EEA on the basis of compliance and auditing.
How does the organisation protect data?
The organisation takes the security of your data seriously. The organisation has internal policies and controls in place with the aim to ensuring that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by its contractors and employees in the performance of their duties.
Our Web site page is protected by Wordfence Security and has SSL Certificate installed to ensure that all content on our web site is secured.
Web usage information (e.g. IP address), your login information, browser type and version, time zone setting, operating system and platform.
Information about your visit, including the full Uniform Resource Locators (URLs) clickstream to, through and from our website (including date and time); time on page, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks and mouse-overs).
We follow strict security procedures as to how your personal information is stored and used, and who sees it, to help stop any unauthorised person getting hold of it. All personal information you register on our website will be located behind a firewall. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. Unfortunately, the transmission of information via the internet is not completely secure and although we do our best to protect your personal data, we cannot absolutely guarantee the security of your data.
We will keep your information stored on our systems for as long as it takes to provide the services to you and in accordance with our Terms of Business. We may keep your data for longer than our stated retention period if we cannot delete it for legal, regulatory or technical reasons.
The third parties we engage to provide services on our behalf will keep your data stored on their systems for as long as is necessary to provide the services to you.
Where the organisation engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.
For how long does the organisation keep data?
The organisation will hold your personal data for the duration of your project. The periods for which your data is held after the end of your engagement are in line with legal requirements.
Your information rights
As a data subject, you have a number of rights. You can:
- access and obtain a copy of your data on request;
- require the organisation to change incorrect or incomplete data;
- require the organisation to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing;
- object to the processing of your data where the organisation is relying on its legitimate interests as the legal grounds for processing; and
- ask the organisation to stop processing data for a period if data is inaccurate or there is a dispute about whether or not your interests override the organisation’s legitimate grounds for processing data.
If you would like to exercise any of these rights, please contact Dovile Jablonske on email address email@example.com.
You can make a subject access request by completing the organisation’s, click here
If you consent to us contacting you, we will always aim to be respectful, relevant and appropriate. If at any time you do not think that we have complied with this, please contact us straight away to let us know.
You also have the right to make a complaint to the Information Commissioner’s Office. For more details please visit the ICO website.
Questions, comments and requests regarding this Policy should be addressed to our Data Protection Officer:
Name: Dovile Jablonske
Address: Dynamic Contract Solutions, Pantiles Chambers, 85 High Street, Tunbridge Wells, Kent, TN1 1XP
Email address: firstname.lastname@example.org
Alternatively, you can contact us through the Contact Us section of our website
Document Version Control:
Version Number: 1
Date version active: 18.05.18
Amendments made to previous version: First version